Hi, I'm not sure if this has been already mentioned here, but I found out that trashscan, the antivirus script, can easily skipped - the virus author just has to add a line "X-Virus-Scan: " to the header of the infected mail and this mail won't even be looked at by ClamAV. This issue was first mentioned bei James Lick in june 2004 - and I'm quite shocked that trashscan is still used in ISPConfig. Is there something I'm missing? If not, then I'd suggest the usage of clamassassin - I just installed it and integrated it into the procmail files, and it works. I just have to figure out if sender/recipient notifications are possible. So, my question: Is this a known problem? Or is this completely new to you? Is there another solution? btw: trashscan seems to fail on some tests from http://www.webmail.us/testmail - while clamassassin only ignores non-virus tests... Best regards and thx in advance!
I forgot posting the correpsonding url to the issue: http://www.gossamer-threads.com/lists/engine?post=9548;list=clamav The suggestion to add a hostname or domain isn't sufficient I guess... this might also be figured out and faked, although it's much safer than using a hard coded standard header.
Hi, It seems the upgrade process don't change the configs to use clamassassin. Curently running on debian perfect setup, upgraded from the previous release. NB : Just restarted postfix, seems the config file was changed. If that's the case, all my humble appologies Mathieu
Users continue to use the old procmail recipes until you update them in ISPConfig so that their configuration files get rewritten. If you change some settings for existing users in ISPConfig or create new users, they will use clamassassin from now on.
