Created
July 17, 2019 09:14
-
-
Save 9had/d618c8beebc6df74ea0932b3095f5b71 to your computer and use it in GitHub Desktop.
Rspam + clamav
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # local.d/antivirus.conf | |
| # multiple scanners could be checked, for each we create a configuration block with an arbitrary name | |
| clamav { | |
| # If set force this action if any virus is found (default unset: no action is forced) | |
| action = "reject"; | |
| message = '${SCANNER}: virus found: "${VIRUS}"'; | |
| # Scan mime_parts seperately - otherwise the complete mail will be transfered to AV Scanner | |
| attachments_only = false; # Before 1.8.1 | |
| #scan_mime_parts = true; # After 1.8.1 | |
| # Scanning Text is suitable for some av scanner databases (e.g. Sanesecurity) | |
| #scan_text_mime = false; # 1.8.1 + | |
| #scan_image_mime = false; # 1.8.1 + | |
| # If `max_size` is set, messages > n bytes in size are not scanned | |
| #max_size = 20000000; | |
| # symbol to add (add it to metric if you want non-zero weight) | |
| symbol = "CLAM_VIRUS"; | |
| # type of scanner: "clamav", "fprot", "sophos" or "savapi" | |
| type = "clamav"; | |
| # If set true, log message is emitted for clean messages | |
| log_clean = true; | |
| # Prefix used for caching in Redis: scanner-specific defaults are used. If Redis is enabled and | |
| # multiple scanners of the same type are present, it is important to set prefix to something unique. | |
| #prefix = "rs_cl_"; | |
| # For "savapi" you must also specify the following variable | |
| #product_id = 12345; | |
| # servers to query (if port is unspecified, scanner-specific default is used) | |
| # can be specified multiple times to pool servers | |
| # can be set to a path to a unix socket | |
| servers = "127.0.0.1:3310"; | |
| # servers = "/var/run/clamav/clamd.ctl"; | |
| # if `patterns` is specified virus name will be matched against provided regexes and the related | |
| # symbol will be yielded if a match is found. If no match is found, default symbol is yielded. | |
| patterns { | |
| # symbol_name = "pattern"; | |
| JUST_EICAR = '^Eicar-Test-Signature$'; | |
| } | |
| # In version 1.7.0+ patterns could be extended | |
| #patterns = {SANE_MAL = 'Sanesecurity\.Malware\.*', CLAM_UNOFFICIAL = 'UNOFFICIAL$'}; | |
| # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned. | |
| whitelist = "/etc/rspamd/antivirus.wl"; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Automatically Generated by clamav-daemon postinst | |
| #To reconfigure clamd run #dpkg-reconfigure clamav-daemon | |
| #Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details | |
| TCPSocket 3310 | |
| TCPAddr 127.0.0.1 | |
| # TemporaryDirectory is not set to its default /tmp here to make overriding | |
| # the default with environment variables TMPDIR/TMP/TEMP possible | |
| User clamav | |
| ScanMail true | |
| ScanArchive true | |
| ArchiveBlockEncrypted false | |
| MaxDirectoryRecursion 15 | |
| FollowDirectorySymlinks false | |
| FollowFileSymlinks false | |
| ReadTimeout 180 | |
| MaxThreads 12 | |
| MaxConnectionQueueLength 15 | |
| LogSyslog true | |
| LogRotate true | |
| LogFacility LOG_LOCAL6 | |
| LogClean false | |
| LogVerbose false | |
| PreludeEnable no | |
| PreludeAnalyzerName ClamAV | |
| DatabaseDirectory /var/lib/clamav | |
| OfficialDatabaseOnly false | |
| SelfCheck 3600 | |
| Foreground false | |
| Debug false | |
| ScanPE true | |
| MaxEmbeddedPE 10M | |
| ScanOLE2 true | |
| ScanPDF true | |
| ScanHTML true | |
| MaxHTMLNormalize 10M | |
| MaxHTMLNoTags 2M | |
| MaxScriptNormalize 5M | |
| MaxZipTypeRcg 1M | |
| ScanSWF true | |
| DetectBrokenExecutables false | |
| ExitOnOOM false | |
| LeaveTemporaryFiles false | |
| AlgorithmicDetection true | |
| ScanELF true | |
| IdleTimeout 30 | |
| CrossFilesystems true | |
| PhishingSignatures true | |
| PhishingScanURLs true | |
| PhishingAlwaysBlockSSLMismatch false | |
| PhishingAlwaysBlockCloak false | |
| PartitionIntersection false | |
| DetectPUA false | |
| ScanPartialMessages false | |
| HeuristicScanPrecedence false | |
| StructuredDataDetection false | |
| CommandReadTimeout 5 | |
| SendBufTimeout 200 | |
| MaxQueue 100 | |
| ExtendedDetectionInfo true | |
| OLE2BlockMacros false | |
| ScanOnAccess false | |
| AllowAllMatchScan true | |
| ForceToDisk false | |
| DisableCertCheck false | |
| DisableCache false | |
| MaxScanSize 100M | |
| MaxFileSize 25M | |
| MaxRecursion 16 | |
| MaxFiles 10000 | |
| MaxPartitions 50 | |
| MaxIconsPE 100 | |
| PCREMatchLimit 10000 | |
| PCRERecMatchLimit 5000 | |
| PCREMaxFileSize 25M | |
| ScanXMLDOCS true | |
| ScanHWP3 true | |
| MaxRecHWP3 16 | |
| StreamMaxLength 25M | |
| LogFile /var/log/clamav/clamav.log | |
| LogTime true | |
| LogFileUnlock false | |
| LogFileMaxSize 0 | |
| Bytecode true | |
| BytecodeSecurity TrustSigned | |
| BytecodeTimeout 60000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ lsof -i tcp:3310 | |
| COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME | |
| clamd 20527 clamav 5u IPv4 8244688 0t0 TCP localhost:3310 (LISTEN) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment