amavis-user April 2010 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: [AMaViS-user] Asking again : about amavis anti

Re: [AMaViS-user] Asking again : about amavis anti virus scanning

From: Jernej Porenta <jernej.porenta_at_nospam>
Date: Thu Apr 29 2010 - 14:39:34 GMT
To: "Sharma, Ashish" <>

On Apr 29, 2010, at 4:00 PM, Sharma, Ashish wrote:
> Hi,
> Asking the following question again, as I didn't got any reply yet.
> I have an amavisd(clamav and spamassassin) setup with postfix(referred deployment notes from:
> Now whenever I send an eicar string in mail body (via my gmail account) the mail is quarantined and infection is caught,
> but if the eicar signature is put in a txt file or any other file and mail is sent , then nothing happens and I could see the attachment as it is in the mailbox, shouldn't it too be caught as infection and put in quarantine.
> Is there something that I am missing?

What is the setting of bypass_decode_parts in amavis?
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking NOT to see MIME types
# and content classification types as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#$bypass_decode_parts = 1; # (defaults to false)

If you have it to false, then check your antivirus software to be able to decrypt your email and scan it, otherwise set it to true and amavis will unpack and send it through antivirus software, which will detect virus...

It shouldn't matter, if you call your virus or anything else, in case it contains specific 'EICAR string'...

regards, Jernej

AMaViS-user mailing list