[clamav-users] clamav-milter and "whitelist"
Alessandro Vesely
vesely at tana.it
Mon Dec 23 07:04:13 UTC 2019
On Sun 22/Dec/2019 12:26:04 +0100 Gerard E. Seibert via clamav-users wrote:
> I have this line in that file:
>
> From:marketing at snopes.com
>
> However, that file is being blocked with this message in the
> clamav-milter.log file:
>
> Fri Dec 20 20:12:00 2019 -> Message from <snopescom-cdyjlit1jrhddlljg1j at cmail20.com> to <<gerard_seibert at seibercom.net>> infected by SecuriteInfo.com.Spam-50327.UNOFFICIAL
Obviously, that's the from they mean.
> I figure I am either entering the info in the file incorrectly, or I am
> entering the wrong info. I cannot reliably use the "Return-Path:",
> because it is not a constant.
Perhaps you could try and match From:snopescom-.*@cmail20.com?

I don't use the milter, but if I did I'd look for an option to whitelist only
'Spam' or 'Heuristic' from authenticated reliable senders. To whitelist
everything after a fuzzy regex that anybody can impersonate looks quite dangerous.
Best
Ale
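
The two points in this reply (the whitelist is tested against the envelope sender, and a loose regex exempts more than intended) can be checked offline with the sketch below, which is an added example and not part of the original message or of ClamAV. It assumes the whitelist file format described in clamav-milter.conf, unanchored case-insensitive matching, and Python's `re` standing in for the milter's POSIX regex engine; all sender addresses and the tighter entry are constructed.

```python
import re

# Entries in the spirit of the thread: the header address, then the suggested regex.
WHITELIST = r"""
# header From: address; it never equals the envelope sender
From:marketing@snopes\.com
From:snopescom-.*@cmail20.com
"""
# Hypothetical tighter entry: anchored, literal dot, restricted local part.
# "<*" and ">*" tolerate the angle brackets visible in the milter log line.
TIGHT = r"From:^<*snopescom-[a-z0-9]*@cmail20\.com>*$"

# Constructed envelope senders: one expected, two lookalikes, one unrelated.
SENDERS = [
    "<snopescom-abc123@cmail20.com>",
    "<snopescom-x@cmail20.com.attacker.example>",
    "<snopescom-x@cmail20-com.example>",
    "<newsletter@other.example>",
]

def parse(text):
    """Return the sender ("From:") regexes from whitelist text."""
    regexes = []
    for line in text.splitlines():
        # Empty lines and lines starting with #, : or ! are ignored.
        if not line or line[0] in "#:!":
            continue
        if line.startswith("From:"):
            regexes.append(line[len("From:"):])
        # "To:" and unprefixed lines apply to recipients; not needed here.
    return regexes

def exempted(text, senders=SENDERS):
    """Envelope senders that would skip scanning under this whitelist."""
    regexes = parse(text)
    return [s for s in senders
            if any(re.search(rx, s, re.IGNORECASE) for rx in regexes)]

if __name__ == "__main__":
    for label, wl in (("suggested", WHITELIST), ("tighter", TIGHT)):
        print(label, "->", exempted(wl))
```

Even the tighter entry only constrains a string the sending side chooses, so it narrows the exemption without authenticating the sender.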