ConfigServer Services Blog

ClamAV Oversized.zip errors

If you’re unexpectedly seeing the following in /var/log/maillog for emails blocked with zip file attachments:

ClamAVModule::INFECTED:: Oversized.Zip::

then you may not have reinstalled the Mail::ClamAV perl module after upgrading ClamAV recently. The MailScanner Front-End does upgrade the perl module for you, but if you perform the ClamAV upgrade manually, then you need to be sure to run:

/scripts/perlinstaller --force Mail::ClamAV

It’s important to use --force, otherwise the perl module most likely won’t be reinstalled (i.e. if the version of the perl module hasn’t changed).

Then restart MailScanner:

service MailScanner restart

New csf v2.47

Changes:

  • Modified DYNDNS code so that the IP addresses of listed domains are ignored as if they were listed in csf.ignore
  • If adding an IP address to csf.allow that is already in csf.deny, the IP address will now be removed from csf.deny first and the DROP removed from iptables. It will then be added to csf.allow as normal

New cmm v1.03

Changes:

  • Fixed bug where cmm was only checking for accounts on /home

New ClamAV v0.88.7

ClamAV have released a new version 0.88.7 with the following changes:

Mon Dec 11 02:47:03 CET 2006
----------------------------

New csf v2.46

Changes:

  • Added auto-detection of additional exim port (same as SSH port) which will be added to TCP_IN on csf installation (or if in TESTING mode)
  • Only report PT_USERMEM and PT_USERTIME PIDs once

New ConfigServer Mail Manage Addon (cmm) v1.02

Changes:

  • Added button key to Manage Mail Accounts
  • Fixed text in Delete Mailbox option
  • Reworked domain check regex for listed domains to exclude the false rvskin domains but include .biz
  • Added version check and Upgrade button

For this version, to upgrade follow the installation instructions

New csf v2.45

Changes and new features:

  • Added workaround to restart the bandmin acctboth chains if csf is stopped or (re)started
  • Rewrote the way RELAYHOSTS works: instead of using an iptables chain, a check is done at block time on the IP address, and if it is in /etc/relayhosts then it will be treated as if it is listed in csf.ignore
  • Enabled RELAYHOSTS by default, which is now a boolean on/off (1 or 0) instead of a time interval
  • Added exe:/usr/local/cpanel/bin/logrunner to csf.pignore
  • Added new options PT_USERMEM and PT_USERTIME to report excessive user process usage and optionally PT_USERKILL to kill such processes. An alert is sent using resalert.txt

Want to make spam detection more aggressive?

We’ve recently started including the following SpamAssassin score modifications to help boost the identification of incoming spam with MailScanner. To do it yourself, create a file called /etc/mail/spamassassin/configserver.cf and add the following lines:

score BAYES_99 5.0
score URIBL_SBL 5.0
score URIBL_AB_SURBL 5.0
score URIBL_OB_SURBL 5.0
score URIBL_PH_SURBL 5.0
score URIBL_SC_SURBL 5.0
score URIBL_WS_SURBL 5.0
score URIBL_JP_SURBL 5.0

Then reload MailScanner:

service MailScanner reload

That’s it. This gives your Bayesian database a greater say in what is very likely to be spam, and also boosts the scores of emails containing URIs seen in known spam, as listed by various URI RBL spam lists.
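
A guarded version of the steps above, as an added example that is not ConfigServer's own code: it rejects a score file whose directives have been pasted together or duplicated, then runs spamassassin --lint and rolls back if the lint fails. The function names are hypothetical, and the checker assumes the file contains only comments and single-value score lines like those in this post.

```shell
#!/bin/sh
# Added example, not ConfigServer's code: check a score override file before
# installing it and reloading MailScanner.

# The eight overrides from the post, one directive per line.
page_scores() {
    cat <<'EOF'
score BAYES_99 5.0
score URIBL_SBL 5.0
score URIBL_AB_SURBL 5.0
score URIBL_OB_SURBL 5.0
score URIBL_PH_SURBL 5.0
score URIBL_SC_SURBL 5.0
score URIBL_WS_SURBL 5.0
score URIBL_JP_SURBL 5.0
EOF
}

# Assumption: the file holds only blank lines, comments and single-value
# "score RULE value" lines, as in the post. Prints every other line as N:text.
malformed_lines() {
    grep -Evn '^[[:space:]]*(#.*)?$|^score[[:space:]]+[A-Z][A-Z0-9_]*[[:space:]]+-?[0-9]+(\.[0-9]+)?[[:space:]]*$' "$1" || true
}

# Rules scored more than once (usually a paste mistake).
duplicate_rules() {
    awk '$1 == "score" { seen[$2]++ } END { for (r in seen) if (seen[r] > 1) print r }' "$1" | sort
}

# check_score_file FILE: returns 0 only when FILE is clean.
check_score_file() {
    bad=$(malformed_lines "$1"); dup=$(duplicate_rules "$1")
    [ -z "$bad" ] || printf 'malformed: %s\n' "$bad" >&2
    [ -z "$dup" ] || printf 'duplicate: %s\n' "$dup" >&2
    [ -z "$bad" ] && [ -z "$dup" ]
}

# install_scores SRC [DEST]: validate, copy into place, lint, roll back on failure.
install_scores() {
    dest=${2:-/etc/mail/spamassassin/configserver.cf}
    check_score_file "$1" || return 1
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak"; fi
    cp "$1" "$dest" || return 1
    if command -v spamassassin >/dev/null 2>&1 && ! spamassassin --lint; then
        # Lint failed: restore the previous file, or remove the new one.
        if [ -f "$dest.bak" ]; then mv "$dest.bak" "$dest"; else rm -f "$dest"; fi
        return 1
    fi
}
```

Once install_scores returns 0, reload MailScanner as described above.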