Infected emails accepted

Discussion in 'ISPConfig 3 Priority Support' started by gscaglia, Mar 12, 2018.

  1. gscaglia

    gscaglia Member HowtoForge Supporter

    Hi,
    On my Debian 9 server with ISPConfig 3.1.8p1 (Apache2, Bind, Dovecot), infected emails that arrive from an external SMTP server are accepted with the attachment containing the virus and placed in the destination mailboxes, although the header contains this message: "X-Virus-Scanned: Debian amavisd-new at ks05 .domainserver.net ".
    If the same infected mail is sent through my server, it is blocked, but if it is received from an external SMTP server it is accepted.
    This is very dangerous: how may I fix it?
    Thanks a lot
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your spamfilter policy that you selected for this email account and email domain to ensure that you did not enable the setting 'Virus lover'.
     
  3. gscaglia

    gscaglia Member HowtoForge Supporter

    When I installed the server, I immediately changed the default value in ISPConfig Policy spamfilter to remove "Virus lover" where it exists.
    All policies contain "Virus lover = no".
    In which files (amavis files, I imagine) does ISPConfig write the spamfilter policy instructions?
    First I would like to check that ISPConfig was able to correctly write those files.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    This config is read by amavis directly from the database, so these settings are not written anywhere. Are you sure that the virus is recognized by ClamAV? The line that it was scanned is no indication that ClamAV actually found it.
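
An added example, not part of the original thread: the amavis verdict lines in the mail log show whether a delivered message was passed as CLEAN (the scanner did not detect it) or passed as INFECTED (detected but delivered by policy), which the `X-Virus-Scanned` header alone cannot tell you. The log lines below are constructed and modelled on amavisd-new's "Passed/Blocked" entries; the function names and diagnosis labels are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on amavisd-new's "Passed/Blocked <CATEGORY>"
# log entries (assumed format; on Debian these normally land in /var/log/mail.log).
SAMPLE_LOG = """\
Mar 12 10:15:01 mail amavis[2231]: (02231-01) Passed CLEAN {RelayedInbound}, [203.0.113.5]:51234 <a@example.org> -> <user@example.com>, mail_id: AAA111, Hits: 0.1, size: 20480
Mar 12 10:16:40 mail amavis[2231]: (02231-02) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOutbound,Quarantined}, [198.51.100.7]:40112 <user@example.com> -> <b@example.net>, mail_id: BBB222, Hits: -, size: 1890
Mar 12 10:18:22 mail amavis[2232]: (02232-01) Passed INFECTED (Eicar-Test-Signature) {RelayedInbound}, [203.0.113.9]:33810 <c@example.org> -> <user@example.com>, mail_id: CCC333, Hits: -, size: 1902
Mar 12 10:19:03 mail postfix/qmgr[901]: 4B1D2E3: removed
"""

VERDICT = re.compile(
    r"amavis\[\d+\]: \([\w-]+\) (?P<action>Passed|Blocked) (?P<category>[A-Z-]+)"
    r"(?: \((?P<names>[^)]*)\))? \{(?P<flags>[^}]*)\}"
    r".*?mail_id: (?P<mail_id>\S+?),"
)

def parse_verdicts(log_text):
    """Return one dict per amavis verdict line; other log lines are skipped."""
    return [m.groupdict() for m in map(VERDICT.search, log_text.splitlines()) if m]

def diagnose(v):
    """Map a verdict to the two failure modes discussed in the thread."""
    if v["category"] == "INFECTED" and v["action"] == "Passed":
        return "policy"          # scanner detected it, policy still delivered it
    if v["category"] == "INFECTED":
        return "blocked"         # detected and stopped
    return "no-virus-found"      # no scanner flagged it; the header alone proves nothing

def summarize(log_text):
    """Count verdicts per diagnosis label."""
    return Counter(diagnose(v) for v in parse_verdicts(log_text))

if __name__ == "__main__":
    for v in parse_verdicts(SAMPLE_LOG):
        print(v["mail_id"], v["action"], v["category"], v["names"] or "-", "=>", diagnose(v))
    print(dict(summarize(SAMPLE_LOG)))
```

A "policy" result points at the spamfilter policy (for example a virus-lover setting), while a "no-virus-found" result for a message known to be malicious points at scanner coverage.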
     
  5. gscaglia

    gscaglia Member HowtoForge Supporter

    Thanks Till.
    I monitored the situation for a week and found another virus that ClamAV does not detect. Searching on the internet I discovered a test report by AV-Test according to which ClamAV is able to detect only 15.3% of the Windows viruses in the emails (against 99.7/100% of the best competitors such as Symantec, Avast, etc.). If it's true, I think ClamAV cannot be called an antivirus.

    Can you recommend a valid antivirus (as an alternative to ClamAV), even a paid one, compatible with ISPConfig / amavis?

    Thanks a lot

    P.S. here is the link to AV-Test report: https://www.av-test.org/en/news/new...st-windows-and-linux-malware-put-to-the-test/
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think that ClamAV is that bad, but you can replace it with an antivirus software from a commercial vendor. Amavis supports many different scanners.

    Take a look at the file /etc/amavis/conf.d/15-av_scanners to get an idea which scanners are supported by amavis. The file lists most well-known vendors like Kaspersky, Avira, Command AntiVirus, Symantec, F-Secure, Avast, ESET etc.
     
    gscaglia likes this.
