Writing /var/www/docs.clearos.com/data/cache/0/0222cc01339ce740d0a6608bb2214fc9.metadata failed

Mail Antivirus

The Mail Antivirus app scans mail messages as they pass through your ClearOS mail system. It is the first line of defense to prevent malicious e-mail messages from reaching your end users.

Viruses can be costly in terms of downtime and cleanup. All it takes is one!


If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

<navigation>Server|Messaging|Mail Antivirus</navigation>

ClearCenter Antimalware Updates

The open source ClamAV solution is the antimalware engine used in ClearOS. This software automatically checks for updates several times a day for new antivirus signatures. This is already included in ClearOS for free!

In addition, the ClearCenter Antimalware Updates service provides additional daily signature updates to improve the effectiveness of the antimalware system. These signatures are compiled from third party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.


Mail Policies

When configuring the antimalware system, you must make some mail policy decisions. There are three types of policies available:

  • Bounce - bounce the e-mail
  • Discard - silently discard the e-mail
  • Pass Through - allow e-mail, but with warning (original sent as an attachment)

Detected Virus Policy

When a virus is detected, you can choose to either discard the message, or pass the message through. We recommend discard mode for most installations.

Bad Header Policy

When a bad e-mail header is detected, you can choose to either discard the message, or pass the message through. We recommend pass through mode for most installations.

Banned File Extension Policy

The antimalware software not only performs virus scanning, but also manages file attachment policies. Certain types of file attachments are prone to viruses. The ability to block attachments by file extension is another layer of security for your mail system.

Banned File Extensions

Select the file extensions that you wish to ban from going through your mail system. Both internal and external mail are checked.

Microsoft Office xlsx, docx and pptx Files

These can be a problem and can still be blocked even though their filters are disabled. If you inspect your maillog for BANNED messages like:

Jul 23 10:40:03 server amavis[14261]: (14261-01) p.path BANNED:1 me@example.com: "P=p004,L=1,M=multipart/mixed | P=p003,L=1/2,M=application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,T=zip,N=515072_OBG Extension list amended.xlsx | P=p016,L=1/2/11,T=asc,N=styles.xml", matching_key="(?^i:\\.(ade|adp|app|bas|bat|cab|cmd|com|cpl|dll|exe|fxp|grp|hta|inf|ini|isp|jse|lnk|mda|mdb|mde|mdt|mdw|mdz|msi|msp|mst|ops|pif|prf|prg|reg|scf|scr|sct|shs|sys|vbe|vbs|vb|vxd|wsc|wsf|wsh|bin|zip|docm|hlp|msc|xlsm|pptm|otf|shb)$)"

Here, the “T=zip” part indicates that it .zip filter which is blocking. You may find you have to enable .zip and or .bin filter. If you understandably don't want to do that, there is an alternative. Create a file /etc/amavisd/override.conf, and in it put:

$banned_filename_re = new_RE(
  [ qr'\.(xlsx|docx|pptx)$' => 0 ], # allow all MS Office new documents

Then restart the service with:

systemctl restart amavisd
If necessary this can be extended to cover other document types such as xlsm, docm and pptm.
content/en_us/7_ug_mail_antivirus.txt · Last modified: 2020/07/24 08:07 by