| OS type and version | CentOS Linux 7.9.2009 |
| Webmin version | 2.013 |
| Virtualmin version | 7.5 |
| Related packages | Clamav | Procmail | Postfix |
I have virtualmin installed in both servers the same way with install.sh.
All packages and dependencies are up-to-date with no “extra” repos involved.
The recurring problem is around email attachments and their scan for virus.
Spamassassin is working very well. Needs some adjustments now and then; mostly under usermin and pressing mark as spam option…
Virus detection is a big headache. Even eicar files go through undetected as if no virus present.
Eicar is harmless enough. But with thounsands of other viruses coming through this is a major problem for my users. Yes, local email client software has antivirus running but still…
I once went around Clamav + procmail and at some point virus were no marked with procmail (“Mode:Virus”) but they were simply deleted.
Ok as long as not falling in useres Inbox was good enough for me…
New install (moved from Centos 8 Stream to AlmaLinux) and here it comes again.
I saved and used some Postfix files like main.cf and master.cf from Centos to Alma… Email is going in and out, and marked as Spam with a pleasant 85% accuracy. Virus I think it is close to 10% (seeing in procmail the very few lines signe as Mode:Virus.
What Logs, config files would you need me to post here so I could have some help figuring this out and make viruscan work with postfix email attachments?
I had a problem with spam completely bypassing filtering. It turns out that 500KB size limit was coming into play. From looking at the configuration page it isn’t 100% clear to me if spam and virus filtering are both affected by the single setting.
In my experience ClamAV has a poor detection rate.
And I could not find any good and economic alternative to remove viruses
but I think I found a great way to enhance ClamAV with malware extra signatures from Securite Info,
very easily you can increase detection with those extra signatures that will check even for spam.
As of today you can get them starting from 29 euros a year, you can test them before buying them. In my case so far it has detected a lot more than ClamAV alone.
Obviously, if an EICAR test file is not detected, no amount of additional signatures (not even 4 trillion) will make ClamAV work. It just means AV scanning isn’t happening.
I have more virtualmin servers that do scan with clamd and eicar is detected.
If I run a manual scan, then it detects (even inside Mail folders). But it goes undetected when mail arrives.
My printscreen was poor but if I use this online test:
as I do with every server I set up it will let them all go to user inbox.
There are no user filters definitions, nothing. I even removed the option for users to make their own filtering options so it is server wide controlled.
In your mail the eicar files are zipped, it may be an issue with unzipping them to scan. Try sending the eicars files unzipped. If that works then is the unzipped issue.
