RE: clamav

From: Jackson, Jeff (
Date: Mon 23 Feb 2004 - 14:40:58 GMT


    > I saw the anomy + clamav question detailed in the list archive, and
    > tried the script Jackson, Jeff sent to the list, but unfortunately it
    > just doesn't work for me. Anomy simply cuts out the attachment instead
    > of calling that script.
    > Here comes the part of my anomy.conf that relates:
    > file_list_3 = (?i)\.(mp3|mp2|mpg|zip)$
    > file_list_3_policy = accept:save:save:save
    > file_list_3_scanner = 0:2:3:/usr/bin/ %FILENAME
    > With this and Jackson Jeff's script it just drops all the
    > related attachments, they don't show up in the quarantine.
    > I'm using anomy 1.66

    Hi Balint,

    Just to verify, both of your first two rules just pass through mp3, mp2, mpg, and zip files, yes?

    Just to clarify, are you saying that every attachment is getting dropped? Not just infected attachments?

    I have clamav scan everything as the first rule and if it isn't infected, it is set in the policy to be "unknown", which means anomy will continue to process it through the rest of the rules. It is not dropping any attachments on me, as I do find them in my quarantine directory. Is it possible that the account that clamav runs under doesn't have permissions to write to the quarantine directory?

    file_list_1 = (?i).*
    file_list_1_policy = unknown:mangle:save:save
    file_list_1_scanner = 0:2:3:/usr/local/anomy/bin/ %FILENAME
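
Added example, not part of the original message and not Anomy's own code: a small Python model of how the three exit-code lists in a scanner line select one of the four policy slots, and how "unknown" falls through to the next rule as described above. It assumes Anomy's documented mapping (policy slots 1 to 3 pair with the three exit-code lists, slot 4 covers any other status); the function names and the exit statuses fed in are constructed, and the scanner paths are kept truncated exactly as they appear in the thread.

```python
import re

def parse_rule(pattern, policy, scanner):
    """Split one file_list_N triple into (regex, four policies, three exit-code sets, command)."""
    policies = policy.split(":")
    if len(policies) != 4:
        raise ValueError("policy needs four colon-separated actions")
    first, second, third, command = scanner.split(":", 3)
    code_sets = [{int(c) for c in field.split(",") if c}
                 for field in (first, second, third)]
    return re.compile(pattern), policies, code_sets, command

def action_for(rule, exit_code):
    """Policy slot chosen by the scanner's exit status; slot 4 is the catch-all."""
    _, policies, code_sets, _ = rule
    for slot, codes in enumerate(code_sets):
        if exit_code in codes:
            return policies[slot]
    return policies[3]

def resolve(rules, filename, exit_codes):
    """Walk the rules in order; 'unknown' hands the file to the next rule.
    exit_codes[i] is a constructed exit status for rule i's scanner."""
    for rule, code in zip(rules, exit_codes):
        if rule[0].search(filename):
            action = action_for(rule, code)
            if action != "unknown":
                return action
    return "unknown"

# Rule from the reply (scan everything first) and rule 3 from the quoted config.
SCAN_ALL = parse_rule(r"(?i).*", "unknown:mangle:save:save",
                      "0:2:3:/usr/local/anomy/bin/ %FILENAME")
MEDIA = parse_rule(r"(?i)\.(mp3|mp2|mpg|zip)$", "accept:save:save:save",
                   "0:2:3:/usr/bin/ %FILENAME")

if __name__ == "__main__":
    for codes in ([0, 0], [2, 0], [0, 3], [1, 0]):
        print(codes, "->", resolve([SCAN_ALL, MEDIA], "song.mp3", codes))
```

With these rules, any exit status outside `0`, `2` and `3` lands in the fourth slot, so a scanner that fails to run at all is treated the same as the "save" case rather than as a clean file.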

