[linux] SAGATOR + CLAMAV + SPAMASSASSIN
Marek Zima
marek.zima at zimas.sk
Fri Jun 10 19:13:20 CEST 2005
Hi all,
I set up the combination named in the subject on my notebook as a trial (until now
I handled everything with PROCMAIL),
and what surprises me is the NEGATIVE score value!!!
When sagator starts, I have this in the log ...
cat sagator.log ---
2131: SAGATOR 0.5.9-1 starting at Fri Jun 10 18:57:59 2005
2132: collector(): service started, waiting for connections...
2131: libclam(): Loaded virpatterns: 35473
2133: Testing log(report(quarantine(drop(ParseMail(attach_name(),
file_type())))), report(quarantine(drop(stream2mbox(libclam())))),
rename(store(SpamAssassinD())*const()),quarantine(drop(rename(restore()>=const()))),deliver(modify_subject()))...
+++++
2133: Spamd status: [], score=-2.800000/5.000000
+++++
2133: level='0.0', virname='', size='169', sender='', recipients=''
2134: smtpd(): service started, waiting for connections ...
2134: smtpd(): pids: [2135, 2136]
Why the negative value? Do I have a mistake somewhere?
Then actual spam messages have this in the header:
X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,AWL,BEST_PORN,
DRUGS_ERECTILE,DRUG_ED_CAPS,SUBJECT_DRUG_GAP_VIA autolearn=no
version=3.0.2
but it is still a negative value ... and so it is not SPAM!!!
Another thing is that when I run ./smtptest localhost 25 Eicar, it
detects the virus, but when I send it by mail from KMAIL, for example, it does
not detect the virus ...
I don't understand ... can you advise me?
Thanks.
Marek.
+++++
Here is my SCANNERS setting:
SCANNERS=[
  log(3,log.FORMAT,
    status("WindowsExecutable",
      report_recipients(MY_REPORT_EXE,
        quarantine('/tmp/quarantine/exe/%Y%m','',
          drop(DROP,
            parsemail(
              attach_name('(\.exe|\.com|\.vxd|\.dll|\.cpl|\.scr|\.pif|\.lnk|\.bat|\.vbs|\.js)$'),
              file_type({'exe': 'Executable - (Spustitelny subor)'})
            )
          )
        )
      )
    ),
    status("Virus",
      report_recipients(MY_REPORT_VIR,
        quarantine('/tmp/quarantine/vir/%Y%m','',
          drop(DROP,
            stream2mbox(libclam(limits={'maxratio':9999})),
            # clamd(['localhost',3310])
          )
        )
      )
    ),
    status("Spam",
      rename('',
        store('resultlevel',
          spamassassind(['127.0.0.1',783])
        ) * const(0.0)
      ),
      quarantine('/tmp/quarantine/spam/%Y%m','',
        drop(DROP_INFECTED,
          rename('$STARS',
            restore('resultlevel')>=const(1.75)
          )
        )
      ),
      deliver(
        modify_subject('[%V]', MY_SUBJECT_SPAM)
      )
    )
  )
]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
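Added example, not part of the original post: a Python parser that unfolds the X-Spam-Status header quoted above and separates the content rules from ALL_TRUSTED and AWL, which score on relay trust and sender history rather than on message content. The function name, the NON_CONTENT_RULES set and the needs_review flag are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: the header quoted in the post, wrapped in a minimal
# message so the standard e-mail parser can read the folded lines.
SAMPLE = (
    "Subject: test\n"
    "X-Spam-Status: No, score=-0.7 required=5.0 tests=ALL_TRUSTED,AWL,BEST_PORN,\n"
    "\tDRUGS_ERECTILE,DRUG_ED_CAPS,SUBJECT_DRUG_GAP_VIA autolearn=no\n"
    "\tversion=3.0.2\n"
    "\n"
    "body\n"
)

# Assumption of this example: rules driven by relay trust or sender history,
# not by what the message says. These are the two that appear in the post.
NON_CONTENT_RULES = {"ALL_TRUSTED", "AWL"}


def parse_spam_status(raw_message):
    """Return score, threshold and rule lists from X-Spam-Status, or None."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    value = " ".join(value.split())  # unfold continuation lines
    score = re.search(r"score=(-?[\d.]+)", value)
    required = re.search(r"required=(-?[\d.]+)", value)
    # The rule list ends at the next key=value pair; a fold may leave a space
    # after a comma, so split on commas and strip each name.
    tests = re.search(r"tests=(.*?)(?=\s+\w+=|$)", value)
    names = [t.strip() for t in tests.group(1).split(",")] if tests else []
    names = [t for t in names if t and t != "none"]
    content = [t for t in names if t not in NON_CONTENT_RULES]
    non_content = [t for t in names if t in NON_CONTENT_RULES]
    is_spam = value.lower().startswith("yes")
    return {
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "is_spam": is_spam,
        "content_rules": content,
        "non_content_rules": non_content,
        # Content rules fired, yet the verdict is "No" and trust/history
        # rules are present: worth a manual look at how the score was built.
        "needs_review": (not is_spam) and bool(content) and bool(non_content),
    }


if __name__ == "__main__":
    print(parse_spam_status(SAMPLE))
```

The header carries no per-rule scores, so the flag only marks messages to inspect; it does not recompute the total.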