MailScanner blocking ClamAV emails
Mark Sapiro
mark at msapiro.net
Sat Mar 25 16:04:25 UTC 2017
On 03/25/2017 08:50 AM, Walt Thiessen wrote:
> What exactly should we whitelist? My admins claim that the only thing
> you can whitelist in ClamAV is a signature, and they say there are no
> signatures in the log entries to whitelist.
The rule that hits is YARA.r57shell_php_php.UNOFFICIAL. The .UNOFFICIAL
part just means it is not an 'official' clamav rule, and I'm not sure
but I think the YARA. part just indicates its a YARA rule, but the rest
of it should match some rule in a file in /var/lib/clamav, probably with
a .yar or .yara extension.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list