Mailcow-dockerized: CLAMAV false positive

Created on 6 Jul 2018  路  4Comments  路  Source: mailcow/mailcow-dockerized

Hi there,

i try to send a Mail that contains a Excel Document where a password is set.

rspamd says, Virus, so i checked the logs and found that:

rspamd-mailcow_1     | 2018-07-06 07:38:22 #20(normal) <a86d18>; lua; antivirus.lua:106: clamav: virus found: "PUA.Doc.Packed.EncryptedDoc-65637"

So i set following in ```data/conf/clamav/clamd.conf````

DetectPUA no
ExcludePua Packed
OLE2BlockMacros no

But it still blocks with the same message.

Any Ideas?

Thanks & Cheers,
Thomas

picture develth

All 4 comments

Did you restart clamd-mailcow? :-)
Ah, it probably is cached in Redis, too. Sec...

andryyy picture andryyy on 6 Jul 2018
👍1

Hehe, yeah forgot to mention - i even restarted rspamd

develth picture develth on 6 Jul 2018

I think it caches the result for 3600s.

# docker-compose exec redis-mailcow  /bin/sh
/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
/data # exit
andryyy picture andryyy on 6 Jul 2018
🎉1

Purrfect! Thanks!

develth picture develth on 6 Jul 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

constin picture constin  路  3Comments
RogerSik picture RogerSik  路  3Comments
damdinsharav picture damdinsharav  路  3Comments
patrick7 picture patrick7  路  3Comments
poldixd picture poldixd  路  3Comments