3
How to disable a specific ClamAV scan
Question asked by Scarab - January 5, 2015 at 5:08 PM
Answered
We are getting stupid amounts of "Heuristics.Phishing.Email.SpoofedDomain virus" false positives with ClamAV. For everything else it seems to do as it should with very rare instances of false positives. Question: How does one disable "Heuristics.Phishing.Email.SpoofedDomain" scans in Smartermail's ClamAV?
 
Using Google-fu I tried modifying the \Smartermail\Service\Clam\etc\clamd.conf to include the following line:
 
PhishingScanURLs no
 
But this doesn't seem to have done anything as we are still getting dozens of emails per hour quarantined for "Heuristics.Phishing.Email.SpoofedDomain virus".
 
Is there any other way to disable a particular ClamAV scan without disabling all of ClamAV in Smartermail?
 
 

3 Replies

Reply to Thread
1
Scarab Replied
January 15, 2015 at 3:23 PM
Just a quick follow up for anyone else who may be having this problem:
 
A reboot of the SmarterMail Server (after Scheduled Monthly Maintenance on Patch Tuesday) successfully made the modification to clamd.conf start working the way it should. Apparently restarting the SmarterMail service was not enough, as this file seems to be cached by either SmarterMail or Windows Server itself.
 
So, to modify the behaviors of ClamAV in Smartermail you can use standard ClamAV parameters in the \Smartermail\Service\Clam\etc\clamd.conf file so long as you reboot the server after committing your changes.
0
BMark Replied
February 26, 2015 at 8:38 AM
Hi Scarab,
 
same problem of false positives detected by ClamAV scan  "Heuristics.Phishing.Email.SpoofedDomain virus"...
 
I thank you for sharing the solution
1
Opt-Out Replied
February 26, 2015 at 1:44 PM
<proceed at your own risk>
In the past I have avoided a reboot by logging in to Smartermail admin > select Security > Antivirus Administration > uncheck "Enable ClamAV" > Save.
Next I use task manager to end task on clamd.exe.
 
Then I append PhishingScanURLs no to clamd.conf.
 
Once I recheck Enable ClamAV in the Smartermail Admin and click save I see Clamd.exe starts and my new configuration is working.
 
Please chime in if you feel there is a downside to this procedure.

Reply to Thread