The Mail Antivirus app scans mail messages as they pass through your ClearOS mail system. It is the first line of defense to prevent malicious e-mail messages from reaching your end users.
Viruses can be costly in terms of downtime and cleanup. All it takes is one!
If your system does not have this app available, you can install it via the Marketplace.
You can find this feature in the menu system at the following location:
<navigation>Server|Messaging|Mail Antivirus</navigation>
The open source ClamAV solution is the antimalware engine used in ClearOS. This software automatically checks for new antivirus signatures several times a day. This is already included in ClearOS for free!
In addition, the ClearCenter Antimalware Updates service provides additional daily signature updates to improve the effectiveness of the antimalware system. These signatures are compiled from third-party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine-tune the system so you can focus on more important things.
When configuring the antimalware system, you must make some mail policy decisions. There are three types of policies available:
When a virus is detected, you can choose to either discard the message, or pass the message through. We recommend discard mode for most installations.
When a bad e-mail header is detected, you can choose to either discard the message, or pass the message through. We recommend pass through mode for most installations.
The antimalware software not only performs virus scanning, but also manages file attachment policies. Certain types of file attachments are prone to viruses. The ability to block attachments by file extension is another layer of security for your mail system.
Select the file extensions that you wish to ban from going through your mail system. Both internal and external mail are checked.
Newer Microsoft Office documents (.xlsx, .docx, .pptx) can be a problem: they can still be blocked even though their own filters are disabled. Inspect your maillog for BANNED messages like:
Jul 23 10:40:03 server amavis[14261]: (14261-01) p.path BANNED:1 me@example.com: "P=p004,L=1,M=multipart/mixed | P=p003,L=1/2,M=application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,T=zip,N=515072_OBG Extension list amended.xlsx | P=p016,L=1/2/11,T=asc,N=styles.xml", matching_key="(?^i:\\.(ade|adp|app|bas|bat|cab|cmd|com|cpl|dll|exe|fxp|grp|hta|inf|ini|isp|jse|lnk|mda|mdb|mde|mdt|mdw|mdz|msi|msp|mst|ops|pif|prf|prg|reg|scf|scr|sct|shs|sys|vbe|vbs|vb|vxd|wsc|wsf|wsh|bin|zip|docm|hlp|msc|xlsm|pptm|otf|shb)$)"
Here, the “T=zip” part indicates that it is the .zip filter that is blocking the message. You may find you have to enable the .zip and/or .bin filter. If you understandably don't want to do that, there is an alternative. Create a file /etc/amavisd/override.conf, and in it put:
$banned_filename_re = new_RE(
  [ qr'\.(xlsx|docx|pptx)$' => 0 ],  # allow all MS Office new documents
);
Then restart the service with:
systemctl restart amavisd
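
To triage BANNED entries like the one above, the following added example (not part of the original ClearOS documentation) parses the amavis log line and reports which MIME part and attribute matched the banned key. The function names are hypothetical, and it assumes amavisd tests the detected file type with a leading dot (T=zip as ".zip"), as the explanation above implies.

```python
import re

# Log line copied from the page above (one physical line in maillog).
SAMPLE = r'''Jul 23 10:40:03 server amavis[14261]: (14261-01) p.path BANNED:1 me@example.com: "P=p004,L=1,M=multipart/mixed | P=p003,L=1/2,M=application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,T=zip,N=515072_OBG Extension list amended.xlsx | P=p016,L=1/2/11,T=asc,N=styles.xml", matching_key="(?^i:\\.(ade|adp|app|bas|bat|cab|cmd|com|cpl|dll|exe|fxp|grp|hta|inf|ini|isp|jse|lnk|mda|mdb|mde|mdt|mdw|mdz|msi|msp|mst|ops|pif|prf|prg|reg|scf|scr|sct|shs|sys|vbe|vbs|vb|vxd|wsc|wsf|wsh|bin|zip|docm|hlp|msc|xlsm|pptm|otf|shb)$)"'''

LINE_RE = re.compile(
    r'amavis\[\d+\]: .*? BANNED:\d+ (\S+): "(.*)", matching_key="(.*)"\s*$')

def parse_parts(tree):
    """Split the quoted part list into one dict of P/L/M/T/N attributes per MIME part."""
    parts = []
    for chunk in tree.split(" | "):
        # N= (declared file name) comes last in the sample and may contain commas.
        head, _, name = chunk.partition(",N=")
        attrs = dict(kv.split("=", 1) for kv in head.split(","))
        if name:
            attrs["N"] = name
        parts.append(attrs)
    return parts

def explain_banned(line):
    """Return (recipient, hits); each hit is (part id, attribute, tested value)."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not a BANNED entry
    rcpt, tree, key = m.groups()
    # The log doubles backslashes and prints Perl's (?^i:...); Python spells it (?i:...).
    rx = re.compile(key.replace("\\\\", "\\").replace("(?^", "(?", 1))
    hits = []
    for part in parse_parts(tree):
        candidates = []
        if "T" in part:
            # Assumption: the detected file type is tested with a leading dot (".zip").
            candidates.append(("T", "." + part["T"]))
        for attr in ("N", "M"):
            if attr in part:
                candidates.append((attr, part[attr]))
        hits += [(part["P"], a, v) for a, v in candidates if rx.search(v)]
    return rcpt, hits

if __name__ == "__main__":
    rcpt, hits = explain_banned(SAMPLE)
    for pid, attr, value in hits:
        print(f"{rcpt}: part {pid} banned on {attr}={value}")
```

For the sample line the only hit is the detected type of part p003: an .xlsx file is a ZIP container, so the zip entry in the key matches even though the file name itself does not.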