Clamav virus size configuration settings

4 posts / 0 new
Last post
#1 Mon, 06/26/2006 - 08:58
ScottAdministrator

Clamav virus size configuration settings

I believe that the default settings (if there is any) for Virus and Spam scanning is unlimited size.

Is there a option some where to limit the size of attachment scanning for clamav? I don't want files] 250000 bytes scanned and I cannot find the setting for configuring clamav to NOT scan files greater than 250000 bytes (or whatever value I decide).

Please help show me where the configuration is location as large files really don't need to be scanned in Virtualmin Pro and I'd like to stop clamav from choking the server.

Thank you kindly!

Mon, 06/26/2006 - 09:14
ScottAdministrator

It appears that every domain has its own procmail file located in /etc/webmin/virtual-server/procmail/ with the file being the virtual domains' Virtualmin Pro ID number.

To limit an e-mail from being scanned, you'd need to know the size of the attachment. At this point, you don't know the size of the attachment.

It doesn't appear that the per-site procmail does any checking of file sizes and just sends off the message to clamscan via the line:

/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan

That perl code doesn't check size either and just happily sends the message to be scanned. Arg.

To limit messages to be scanned, in procmail, you can add "*[ SIZE-LIMIT" where SIZE-LIMIT is the maximum value of size of an e-mail you'd like to scan.

:0fw
*[ 256000
| /usr/bin/spamassassin --siteconfigpath /etc/webmin/virtual-server/spam/ID-OF-VIRTUAL-SITE

Mon, 06/26/2006 - 09:15
ScottAdministrator

I assume that if I put in a limit of the file size like:

*[ 250000

before the clamascan line, this change will NOT be preserved the next time the values are changed through the Webmin / Virtual-min interface at "Spam and Virus Delivery" screen.

Mon, 06/26/2006 - 09:22
ScottAdministrator

So I manually edited the virtualmin virutal site file in the /etc/webmin/virtual-server/procmail and added "*[ 250000" before the call to clam-wrapper.pl.

DROPPRIVS=yes
:0cw
*[ 250000
| /etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan

I made a change in the "Spam and Virus Delivery" screen and changed the "Destination for virus emails" from Throw away to another setting and checked the virtual site's procmail file and it appears the "*[ 250000" was NOT deleted (therefore preserved).

It would be nice to have a menu option in the "Spam and Virus Delivery" screen to be able to set the size of messages to be scanned for both Spam and Virus checking.