[linux] SAGATOR + CLAMAV + SPAMASSASSIN

Marek Zima marek.zima at zimas.sk
Fri Jun 10 19:13:20 CEST 2005


Hi all,

	I set up the combination named in the subject on my laptop as a trial (until now 
I handled everything with PROCMAIL)

	and what surprises me is the NEGATIVE score value!!!
	
	When sagator starts, I have this in the log ...
cat sagator.log ---
 2131: SAGATOR 0.5.9-1 starting at Fri Jun 10 18:57:59 2005
 2132: collector(): service started, waiting for connections...
 2131: libclam(): Loaded virpatterns: 35473
 2133: Testing log(report(quarantine(drop(ParseMail(attach_name(), 
file_type())))), report(quarantine(drop(stream2mbox(libclam())))), 
rename(store(SpamAssassinD())*const()),quarantine(drop(rename(restore()>=const()))),deliver(modify_subject()))...
+++++
 2133: Spamd status: [], score=-2.800000/5.000000
+++++
 2133: level='0.0', virname='', size='169', sender='', recipients=''
 2134: smtpd(): service started, waiting for connections ...
 2134: smtpd(): pids: [2135, 2136]

Why the negative value? Do I have a mistake somewhere?

Then real spam messages have this in the header:
X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,AWL,BEST_PORN,
        DRUGS_ERECTILE,DRUG_ED_CAPS,SUBJECT_DRUG_GAP_VIA autolearn=no 
        version=3.0.2

but it is still a negative value ... and so it is not SPAM!!!

Another thing is that when I run ./smtptest localhost 25 Eicar, it 
detects the virus, but when I send it by mail, e.g. from KMAIL, it does not 
detect the virus ...

I don't understand ... can you advise me?

Thanks.
Marek.

+++++
Here is my SCANNERS setting:
SCANNERS=[
  log(3,log.FORMAT,
    status("WindowsExecutable",
      report_recipients(MY_REPORT_EXE,
        quarantine('/tmp/quarantine/exe/%Y%m','',
          drop(DROP,
            parsemail(
              attach_name('(\.exe|\.com|\.vxd|\.dll|\.cpl|\.scr|\.pif|\.lnk|\.bat|\.vbs|\.js)$'),
              file_type({'exe': 'Executable - (Spustitelny subor)'})
            )
          )
        )
      )
    ),
    status("Virus",
      report_recipients(MY_REPORT_VIR,
        quarantine('/tmp/quarantine/vir/%Y%m','',
          drop(DROP,
            stream2mbox(libclam(limits={'maxratio':9999})),
#           clamd(['localhost',3310])
          )
        )
      )
    ),
    status("Spam",
      rename('',
        store('resultlevel',
          spamassassind(['127.0.0.1',783])
        ) * const(0.0)
      ),
      quarantine('/tmp/quarantine/spam/%Y%m','',
        drop(DROP_INFECTED,
          rename('$STARS',
            restore('resultlevel')>=const(1.75)
          )
        )
      ),
      deliver(
        modify_subject('[%V]', MY_SUBJECT_SPAM)
      )
    )
  )
]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
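
Added example, not part of the original post and not SAGATOR or SpamAssassin code: a small parser for the folded X-Spam-Status header quoted above. It separates rule hits that describe the message content from hits that do not, and flags a non-spam verdict in which both kinds fired. The function names and the NON_CONTENT_RULES set are assumptions made for this illustration.

```python
import re

# Constructed sample: the X-Spam-Status header quoted in the post, folding kept.
SAMPLE = (
    "X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,AWL,BEST_PORN,\n"
    "        DRUGS_ERECTILE,DRUG_ED_CAPS,SUBJECT_DRUG_GAP_VIA autolearn=no \n"
    "        version=3.0.2\n"
)

# Assumption for this example: rules that are not derived from the message body.
# ALL_TRUSTED depends on the relay path, AWL on the sender's score history.
NON_CONTENT_RULES = {"ALL_TRUSTED", "AWL"}


def parse_spam_status(header):
    """Parse a (possibly folded) X-Spam-Status header into a dict."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    # Unfold: continuation lines start with whitespace.
    value = re.sub(r"\r?\n[ \t]+", " ", value).strip()
    verdict, _, rest = value.partition(",")
    # The test list may have been folded after a comma; close those gaps.
    rest = re.sub(r",\s+", ",", rest)
    fields = dict(re.findall(r"(\w+)=(\S*)", rest))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
    }


def triage(status):
    """Split hits into content and non-content rules and flag odd verdicts."""
    non_content = [t for t in status["tests"] if t in NON_CONTENT_RULES]
    content = [t for t in status["tests"] if t not in NON_CONTENT_RULES]
    # Content rules fired, the verdict is still "No", and path/history rules
    # fired too: review trusted_networks and the AWL data before anything else.
    suspicious = bool(content and non_content and not status["is_spam"])
    return {"content": content, "non_content": non_content, "suspicious": suspicious}


if __name__ == "__main__":
    st = parse_spam_status(SAMPLE)
    print(st["score"], st["required"], triage(st))
```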



