7

How do I turn off "UNCHECKED contents in mail FROM" mails sent by Amavis to the postmaster of the domain every time a user sends an encrypted mail? The setup is a Debian 7 with postfix and amavisd.

user480559
nazco

2 Answers

8

You can use the parameter %admin_maps_by_ccat to define to whom amavisd-new sends mails for each of its categories. With undef you can disable the mails.

So you have to define a setting like the following if you don't want to get mails for all "unchecked" mails:

$admin_maps_by_ccat{+CC_UNCHECKED} =  undef;

To only do this for UNCHECKED-ENCRYPTED use this (for amavis 2.9.0, found via release notes):

$admin_maps_by_ccat{+CC_UNCHECKED.',1'} = undef;
blueyed
sebokopter
  • 1
    While this works it appears it disables notifications for any unchecked messages, which also includes messages that exceed size limits or contain corrupt archives in attachments. From a brief look at the code I couldn't see an obvious way to distinguish UncheckedEncrypted from simply Unchecked. Any ideas? – JinnKo Jan 30 '16 at 00:54
  • 1
    @JinnKo I think I found a way, see my (pending) edit above. – blueyed Mar 23 '16 at 14:58
2

The problem of receiving emails having UNCHECKED in the subject can be resolved in two fashions.

The first solution is a temporary and quick fix which can lead to other unwanted problems since mails will not be scanned. Let us look at what has been proposed so far.

The usage of "$admin_maps_by_ccat{+CC_UNCHECKED} = undef;" as mentioned above should not be used because that solution does not really address the real problem which is stemming from clamav being outdated. Please be aware that once clamav is OUTDATED, the "UNCHECKED" term in the email subject will be attached once more because emails sent by clients can not be scanned properly by clamav that is not updated.

Another aspect of solution one is to add in the file "/etc/amavis/conf.d/50-user" the snippet, "$undecipherable_subject_tag=undef;" without the quotation marks of course, as proposed by some individuals. Still, THAT IS NOT A SOLUTION for the same reason mentioned above.

Let's look at solution number two.

First run the command freshclam. Doing so will generate most likely more than one error but will also tell you the latest clamav version. To have a much better output of the problem, run if need be:

tail -20 /var/log/clamav/freshclam.log

Second, uninstall the old version with the command:

apt remove clamav

Third, download the latest clamav file with the command:

wget https://www.clamav.net/downloads/production/clamav-0.100.1.tar.gz

Here I am using clamav-0.100.1 as an example. Please choose the latest version.

Fourth, extract the file with the command:

tar xf clamav*  

Then make sure that you are in the clamav directory. So, run the command:

cd clamav*/ 

Now let's compile clamav with the following three commands one by one in the clamav directory:

./configure

make

make install

Once more run the command:

freshclam

If you get the error "Can't open/parse the config file /usr/local/etc/freshclam.conf", here is how to fix it.

Remove the existing freshclam.conf file from the /usr/local/etc/ folder with the command:

rm -f /usr/local/etc/freshclam.conf

If the file is not there, proceed to the next step below by creating a link to the new file so that if you ever have to run it again, the conf file will stay updated.

ln -s /etc/clamav/freshclam.conf /usr/local/etc/freshclam.conf

Then run freshclam to update.

freshclam

Well, there is one more minor error you will get because freshclam is already running in the background. Let's kill it with the command:

pkill -15 -x freshclam

Finally, run freshclam again as follows:

freshclam

Voila.

To test, send yourself an email or ask a friend to send you an email. You should not see the UNCHECKED term in the subject of the emails sent from clients. If one week later you have the same error, most likely clamav is upgraded to a newer version.

user480559
  • 1
    **Don't**. 1st, the question was regarding emails that are unchecked because they are encrypted, which has nothing to do with an outdated clamav. 2nd, you propose to replace the clamav installed from the Debian repository with a manually installed version. This means you will always have to update it manually, which is a lot of work and at some point you will stop and run an insecure system. Instead, upgrade your Debian to the latest stable release (currently Stretch) and make sure to add the stable-updates repository (currently stretch-updates). It currently includes the latest ClamAV 0.100.1 – Christopher K. Sep 12 '18 at 08:19
  • So running Debian Stretch, upgrade your clamav like this: Add `deb http://httpredir.debian.org/debian stretch-updates main` into `/etc/apt/sources.list` (if it is not there yet). Run `apt update` and `apt upgrade` and you should get the latest clamav. Read https://wiki.debian.org/StableUpdates and see https://packages.debian.org/stretch-updates/clamav – Christopher K. Sep 12 '18 at 08:25
  • Installing clamav will not help if your problem is that clamav can't check archives because they are encrypted. While this answer is very good in both volume and clarity, it does not solve the original problem. Also getting the current clamav archive from your distribution is always the better choice, don't install stuff manually unless you have loads of time maintaining this manual installation. – flinkflonk Mar 25 '20 at 09:19
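
A check for the condition the second answer attributes the problem to, as an added example that is not part of either answer: it reads the freshclam log that the answer tails and reports whether the most recent run warned that the installed ClamAV is outdated. The sample log lines and the function name `freshclam_status` are constructed for illustration; the timestamp prefix and the exact wording of the log lines are assumptions about the log format.

```shell
#!/bin/sh
# Added example: report whether the most recent freshclam run flagged the
# ClamAV engine as outdated. Log line layout is an assumption (see sample).

# Constructed sample log: an older clean run followed by an outdated one.
sample_log() {
cat <<'EOF'
Tue Sep 11 08:00:01 2018 -> ClamAV update process started at Tue Sep 11 08:00:01 2018
Tue Sep 11 08:00:02 2018 -> daily.cld is up to date
Wed Sep 12 08:00:01 2018 -> ClamAV update process started at Wed Sep 12 08:00:01 2018
Wed Sep 12 08:00:01 2018 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Sep 12 08:00:01 2018 -> WARNING: Local version: 0.99.2 Recommended version: 0.100.1
Wed Sep 12 08:00:02 2018 -> daily.cld is up to date
EOF
}

# freshclam_status LOGFILE
# Prints "current" or "outdated local=X recommended=Y" for the last run only,
# so a warning from an earlier run that has since been fixed is ignored.
freshclam_status() {
    awk '
        /ClamAV update process started/ { outdated = 0; cur = ""; rec = "" }
        /installation is OUTDATED/      { outdated = 1 }
        /Local version:/ {
            for (i = 1; i < NF - 1; i++) {
                if ($i == "Local"       && $(i+1) == "version:") cur = $(i+2)
                if ($i == "Recommended" && $(i+1) == "version:") rec = $(i+2)
            }
        }
        END {
            if (outdated) printf "outdated local=%s recommended=%s\n", cur, rec
            else          print "current"
        }
    ' "$1"
}

# Demo on the constructed sample; on a real host pass
# /var/log/clamav/freshclam.log instead.
demo_log=$(mktemp)
sample_log > "$demo_log"
freshclam_status "$demo_log"
rm -f "$demo_log"
```

A result of `current` means the last freshclam run did not report an outdated engine; it says nothing about UNCHECKED notifications caused by encrypted mail.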