Topic: Clamav & SpamAssassin

[Schotty]

Hello all!!

I just installed ClamAv from pagefault.org. I tired a few mails and it got tagged correctly.

X-Virus-Scanned: by amavis-ng-0.1.6.4-03dc on hobbit.fieldnet.de

I then installed SpamAssassin from http://sme.swerts-knudsen.dk.
Then i did :

/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

Now I am recieving mails with the following headers :

From: "Dick Billings" <dbillings_hl@arcada.fi>
Subject: =?iso-8859-1?b?UmU6TWlyYWNsZSBkcnVn?=
To: calumfield@web.de
MIME-Version: 1.0
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Message-ID: <2.2.32.200403012150110003b652@arcada.fi>
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0C6F_12F39AA5.C4E2BD01"
X-WEBDE-FORWARD: calumfield@web.de -> calum@fieldnet.de
X-Fetchmail-Warning: recipient address calumfield@web.de didn't match any local name
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on hobbit.fieldnet.de
X-Spam-Status: No, hits=2.9 required=5.0 tests=HTML_60_70,HTML_IMAGE_ONLY_02,
   HTML_MESSAGE,HTML_TAG_BALANCE_BODY,PYZOR_CHECK autolearn=no
   version=2.63
X-Spam-Level: **

They are not being tagged by the virusscanner anymore  

In amavis.conf I have :
x-header=true
x-header-tag=X-Virus Scanned by.... on....


q-mail-queue= /var/qmail/bin/qmail-spamc

Could anyone help me on getting this working please??

Thanks alot

Schotty

[mthomas]

Wish I had the answer but.......... I'm having the same problem in reverse! Clamav(by dungog) works like a champ but nothing I do will pass the mail through to spamassassin.

[Anonymous]

Hello all!!

I just installed ClamAv from pagefault.org. I tired a few mails and it got tagged correctly.

X-Virus-Scanned: by amavis-ng-0.1.6.4-03dc on hobbit.fieldnet.de

I then installed SpamAssassin from http://sme.swerts-knudsen.dk.
Then i did :

/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

Now I am recieving mails with the following headers :

From: "Dick Billings" <dbillings_hl@arcada.fi>
Subject: =?iso-8859-1?b?UmU6TWlyYWNsZSBkcnVn?=
To: calumfield@web.de
MIME-Version: 1.0
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Message-ID: <2.2.32.200403012150110003b652@arcada.fi>
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0C6F_12F39AA5.C4E2BD01"
X-WEBDE-FORWARD: calumfield@web.de -> calum@fieldnet.de
X-Fetchmail-Warning: recipient address calumfield@web.de didn't match any local name
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on hobbit.fieldnet.de
X-Spam-Status: No, hits=2.9 required=5.0 tests=HTML_60_70,HTML_IMAGE_ONLY_02,
   HTML_MESSAGE,HTML_TAG_BALANCE_BODY,PYZOR_CHECK autolearn=no
   version=2.63
X-Spam-Level: **

They are not being tagged by the virusscanner anymore  

In amavis.conf I have :
x-header=true
x-header-tag=X-Virus Scanned by.... on....


q-mail-queue= /var/qmail/bin/qmail-spamc

Could anyone help me on getting this working please??

Thanks alot

Schotty

Your installation of spamassassin has overwritten the Filter properties where the e-mails are passed to amavis for virus processing.

If your using the antivirus web manager panel then ensure the settings are as you require and click the 'save' button.

If your using 5.6 or have installed on 6.0 without the web panel then manually set the Internal and External Filter properties as mentioned in the howto.

[Knuddi]

Actually these two installations do not need to conflict if you are terminating emails on the server. If you follow the ClamAV installation on either pagefault.org or SME.swerts-knudsen.dk it inserts the clamav filter into the qmail queue system. The howto on SA also on sme.swerts-knudsen.dk relies on theprocmail filter to scan the email for spam. So you shouldn't do:

/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

Just do what the Howto indicated and inserts the qmail-queue.amavis as this:

[root@e-smith]# /sbin/e-smith/db configuration setprop smtpfront-qmail InternalInterfacesFilter /usr/bin/qmail-queue.amavis
[root@e-smith]# /sbin/e-smith/db configuration setprop smtpfront-qmail ExternalInterfacesFilter /usr/bin/qmail-queue.amavis
[root@e-smith]# /sbin/e-smith/signal-event email-update

If you are creating a "Spam and virus wall" you should add the:

q-mail-queue= /var/qmail/bin/qmail-spamc

in the amavis.conf file as procmail is not activated. You cannot filter spam email away then - they will just be tagged.

Rgds,
Jesper Knudsen (sme.swerts-knudsen.dk)

[Schotty]

This is now working... In fact it just stopped a virus and marked 22 messages as spam...


Many thanks for your help


Schotty

[mrjhb3]

All,

I have been following this discussion and have had a chance to test spamassassin and clamav a little bit more.  Please let me know if I am following this correctly.  I have installed clamav and spamassassin from Jespers' site.  I did reset the filters so the virus scan would work again.  I also made the above change to the qmail-queue so the mail would be filtered through spamassassin.

I black-listed an internal e-mail account, and left my other user's mail to deliver email locally.  Mail from the black-listed client was tagged as spam and delivered to my in box.  With my settings set this way, I could create rules in either webmail or my IMAP client to move all mail with a subject that includes SPAM to the junkmail folder, which works as
expected.

Next I changed my user's mail settings to use procmail in normal mode.  Mail from the black-listed client was not delivered at all.  Which again works as I expected.

Next, I removed my internal e-mail account from the black-list and did a save/restart on the spamassassin button.  Mail from all internal clients was never delivered.  Looking at the log on the userpanel shows all mail being sent to /dev/null.  This wasn't what I
expected.  Maybe this has something to do with how my test accounts are setup, user1, user2, etc.

Lastly, I changed my mail delivery back to local and mail was delivered to my inbox from the internal clients.

So, from my testing, procmail doesn't seem to be working well for me.  Mail sent from the internal clients are being tagged as spam, and not being delivered at all.  So, I could modify the default templates and remove the /dev/null statement to at least get all mail delivered to the junkmail folder.  But, it's a bit of a pain having to check the
junkmail folder for legit internal e-mail.  

Or, maybe more testing is needed by me.  I have not tested this with external e-mail as of yet to see how the deliver email locally works with legitimate spam coming in.

I would appreciate any and all comments on the above assessment and like to hear others experiences.

Thanks,

Jb

[tobyk]

I've been attempting to setup ClamAV and SpamAssassin to do their thing before the SME server passes the messages onto the exchange server i have set under delegate mail.

I followed the instructions from http://sme.swerts-knudsen.dk using ClamAV first and then SpamAssassin. SpamAssassin worked but not ClamAV. I ran the CLAMAV install again but since then have been unable to get SpamAssassin happening although CLAMAV works. I've followed the steps including the line in amavis.conf but all to no avail, the only thing i get in the headers is the AV not SPAM....any ideas?

[hordeusr]

The dungog clamav rpm now adds a checkbox to forward to spamassassin.  It costs however, but it may be what you are looking for.  ASSP is working really, really well for us(way better than SA was), so I don't use that checkbox.

[tobyk]

Thanks for your post. This is great to hear as i have a Dungog subscription but had not tried this. Will have a go with that.

Toby

[kmccarn]

FYI -

I have been installing/testing many similar config's and have found this procedure to work. (as a frontline for exchange)

1 - install the custon 6.01 iso from Keanes

2 - install all the dungog stuff (important to do this before swerts-knudsen)

3 - install spamassassin from SK

4 - install mrtg from SK

5 - change all the settings in av & sa to the settings I want.

6 -  Run the commands from pagefault:

/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

7 - reboot the sme box.

I don't try to use procmail at all because the only users I have on the sme system are the 10 people that need vpn access - not the 250 that are on the exchange system.

Works like a champ.

[guest]

Hi,
I have the latest Clam as per Damiens web site, and just installed the sa script from Swerts-Knudsen.
In the server manager I am missing a link to configure sa?
There were not errors on the install.
Any one else have this and a fix?
Alternately after running Swerts-Knudsen script, if you decide you do not want sa what is recommended wat to uninstall.

[stancol]

Try this...
Step1

http://no.longer.valid/phpwiki/index.php/Antivirus%20Scanning%20for%20SME%206.0%20-%20Clam%20Antivirus%20and%20Amavis-ng

Then....
Step2

http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_16.htm

Then....
Step3

To enable Spamassassin after installing and configuring these packages via the web manager panel at the command line type the commands:
/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

I actually got it to work by doing step 3 before step 2 but I believe the correct order to be the order I've listed.


Make sure you have the latest rpm beta installed.

http://mirror.contribs.org/smeserver/contribs/mblotwijk/Contribs/SpamAssassin/