MailScanner blocking ClamAV emails

Mark Sapiro mark at
Sat Mar 25 16:04:25 UTC 2017

On 03/25/2017 08:50 AM, Walt Thiessen wrote:
> What exactly should we whitelist? My admins claim that the only thing
> you can whitelist in ClamAV is a signature, and they say there are no
> signatures in the log entries to whitelist.

The rule that hits is YARA.r57shell_php_php.UNOFFICIAL. The .UNOFFICIAL
part just means it is not an 'official' clamav rule, and I'm not sure
but I think the YARA. part just indicates its a YARA rule, but the rest
of it should match some rule in a file in /var/lib/clamav, probably with
a .yar or .yara extension.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list