Koozali.org: home of the SME Server

Email, CLAM and unofficial SaneSecurity

p-jones
Email, CLAM and unofficial SaneSecurity
« on: April 23, 2010, 11:45:31 PM »
I have the additional CLAM databases installed as per the WIKI and the work of Knuddi.

Is there any way to remove these additional databases from the CLAM process?

Since the CLAM Update I am experiencing a lot of email being blocked or email that cannot be sent as a result of the SaneSecurity components. One such example is the weekly unjunk report:

Quote
Your message did not reach some or all of the intended recipients.

      Subject:   FW: Summary of  emails blocked
      Sent:   23/04/2010 6:12 p.m.

The following recipient(s) could not be reached:

      'xxxxxxxxx' on 23/04/2010 6:12 p.m.
            552 Virus Found: Sanesecurity.Junk.28825.UNOFFICIAL

Thanks
« Last Edit: April 23, 2010, 11:48:35 PM by p-jones »
...

Franco
Re: Email, CLAM and unofficial SaneSecurity
« Reply #1 on: April 24, 2010, 03:13:10 PM »
Hi,
You need to edit the file with your favorite editor:
Code:
/etc/unofficial-clamav-sigs.conf
And comment out the ones you don't want:
Code:
# ========================
# SaneSecurity Database(s)
# ========================
# Add/remove/modify database file names between quote marks as needed.
# To disable any of the SaneSecurity database file downloads, remove
# the appropriate database file name line(s) below.  To disable all
# SaneSecurity database downloads, comment out all of the following lines.
#ss_dbs="
#   phish.ndb
#   scam.ndb
#   junk.ndb
#   rogue.hdb
#   spear.ndb
#   spamimg.hdb
#   lott.ndb
#   spam.ldb
#   sanesecurity.ftm
#"

Then reload:
Code:
clamdscan --reload
I never used SaneSecurity.

Stefano
Re: Email, CLAM and unofficial SaneSecurity
« Reply #2 on: April 24, 2010, 04:27:29 PM »
Hi,
You need to edit the file with your favorite editor:
Code:
/etc/unofficial-clamav-sigs.conf

thank you, added to FAQ

p-jones
Re: Email, CLAM and unofficial SaneSecurity
« Reply #3 on: April 24, 2010, 11:50:46 PM »
This did not solve the problem. I tried this initially before posting. After reading and re-reading the comments, it was my conclusion that removing those lines does two things:

1. they determine which databases are installed during the installation process
2. which databases are subsequently updated.

I suspect that the CLAM config needs to be modified but I am not sure where or how.

Peter
...

p-jones
[RESOLVED] Email, CLAM and unofficial SaneSecurity
« Reply #4 on: April 25, 2010, 01:36:00 AM »
I am fairly sure I have resolved this.

With specific regard to my situation, I simply deleted the junk database from /var/clamav, then I commented out the Sane junk database in the /etc/unofficial sigs.conf as instructed previously to prevent it being reloaded.

This has survived a reconfigure - reboot and an update of all the unofficial AV sigs.

Hope this helps someone else.


P
...
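
The fix in reply #4 has two halves: the database file has to leave the ClamAV directory, and the updater config has to stop fetching it again. The following is an added example, not part of the thread or of the unofficial-sigs updater: it maps a rejection line to the database file that holds the signature and reports both states. The function names, the sample files and the rule that a line starting with `#` counts as disabled are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File contents are constructed samples;
# on the poster's server the paths would be /var/clamav and
# /etc/unofficial-clamav-sigs.conf.

# Extract the signature name from a rejection line, dropping the
# ".UNOFFICIAL" suffix ClamAV appends to third-party signatures.
sig_from_reject() {
    printf '%s\n' "$1" |
        sed -n 's/.*Virus Found: *\([^ ]*\).*/\1/p' | sed 's/\.UNOFFICIAL$//'
}

# Print each database file in DBDIR that has a record naming SIG exactly.
# The name is field 1 in .ndb/.ldb records and field 3 in .hdb records.
db_for_sig() {
    for f in "$2"/*.ndb "$2"/*.ldb "$2"/*.hdb; do
        [ -f "$f" ] || continue
        awk -F'[:;]' -v s="$1" '{ for (i = 1; i <= NF; i++) if ($i == s) { hit = 1; exit } }
            END { exit !hit }' "$f" && basename "$f"
    done
    return 0
}

# Succeed if DB is named on a line of CONF that is not commented out
# (assumption: a line whose first non-blank character is # is disabled).
db_enabled() {
    awk -v d="$1" '!/^[ \t]*#/ { for (i = 1; i <= NF; i++) if ($i == d) on = 1 }
        END { exit !on }' "$2"
}

# Report where the signature lives and whether the updater still fetches it.
check_reject() {
    sig=$(sig_from_reject "$1")
    for db in $(db_for_sig "$sig" "$2"); do
        if db_enabled "$db" "$3"; then cfg="still downloaded"; else cfg="download disabled"; fi
        echo "$sig: $db is on disk (so clamd loads it), $cfg"
    done
}

# Constructed demo: junk.ndb disabled in the config but left on disk.
demo=$(mktemp -d)
mkdir "$demo/db"
printf 'Sanesecurity.Junk.28825:4:*:6578616d706c65\n' > "$demo/db/junk.ndb"
printf 'Sanesecurity.Phishing.1:4:*:6578616d706c6532\n' > "$demo/db/phish.ndb"
printf 'ss_dbs="\n   phish.ndb\n#   junk.ndb\n"\n' > "$demo/conf"
check_reject '552 Virus Found: Sanesecurity.Junk.28825.UNOFFICIAL' "$demo/db" "$demo/conf"
```

Any line printed by `check_reject` means the signature file is still in the database directory, which matches the state described in reply #3 where editing the config alone did not stop the rejections.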