https://github.com/haraka/haraka-plugin-clamd

Haraka plugin for ClamAV virus scanning
https://github.com/haraka/haraka-plugin-clamd

clamav clamav-antivirus clamav-client haraka-plugin

Last synced: about 2 months ago
JSON representation

Haraka plugin for ClamAV virus scanning

• Host: GitHub
• URL: https://github.com/haraka/haraka-plugin-clamd
• Owner: haraka
• License: mit
• Created: 2024-05-08T16:40:02.000Z (8 months ago)
• Default Branch: master
• Last Pushed: 2024-05-08T17:22:34.000Z (8 months ago)
• Last Synced: 2024-10-31T19:39:28.895Z (about 2 months ago)
• Topics: clamav, clamav-antivirus, clamav-client, haraka-plugin
• Language: JavaScript
• Homepage: https://www.npmjs.com/package/haraka-plugin-clamd
• Size: 14.6 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

        
[![CI Test Status][ci-img]][ci-url]

[![Code Climate][clim-img]][clim-url]

[![NPM][npm-img]][npm-url]

# haraka-plugin-clamd

This plug-in implements Anti-Virus scanning with ClamAV using the **clamd** daemon.

The plug-in will reject any message that ClamAV considers to be a virus. If an error occurs (e.g. clamd not running or a timeout), the message will be deferred with a temporary failure.

## Configuration

Copy the default clamd.ini into the Haraka config directory:

```

cp node_modules/haraka-plugin-clamd/config/clamd.ini config/clamd.ini

$EDITOR config/clamd.ini

```

The following options can be defined in clamd.ini;

### clamd_socket (default: localhost:3310)

N.N.N.N:port, [ipv6::literal]:port, host:port or /path/to/socket of

the clamd daemon.

Multiple hosts can be listed separated by comma, semi-colon or spaces.

If :port is omitted it defaults to 3310.

On connection error or timeout the next host in the list will be tried.

When the host list is exhausted, the message will be deferred with

a temporary failure.

### randomize_host_order (default: false)

If this is set then the list of hosts with be randomized before a

connection is attempted.

### only_with_attachments (default: false)

Set this option to only scan messages that contain non-textual

attachments. This is a performance optimization, however it will

prevent ClamAV from detecting threats such as Phishing in plain-text

or HTML messages.

### connect_timeout (default: 10)

Timeout connection to host after this many seconds. A timeout will

cause the next host in the list to be tried. Once all hosts have

been tried then a temporary failure will be returned.

### timeout (default: 30)

Post-connection timeout if there is no activity on the socket after

this many seconds. A timeout will cause the message to be rejected

with a tempoary failure.

### max_size (default: 26214400)

The maximum size of message that should be sent to clamd in bytes.

This option should not be larger than the StreamMaxLength value in

clamd.conf as clamd will stop scanning once this limit is reached.

If the clamd limit is reached the plug-in will log a notice that

this has happened and will allow the message though.

### [reject]

An optional reject section can offer control over when to reject connections.

The default settings are shown. ClamAV recommends that hits coming from

SafeBrowsing / Phishing / Heuristics, Potentially Unwanted Applications, and

UNOFFICIAL be used only for scoring.

    * virus=true

    * error=true

The following reject options are disabled by default in clamd.conf. With a

default ClamAV install, these will have no effect. When an admin enables in

clamd.conf, Haraka with then, by default, reject such messages. Adjust these

settings to suit.

    * Broken.Executable=true

    * Structured=true

    * Encrypted=true

    * PUA=true

    * OLE2=true

    * Safebrowsing=true

    * UNOFFICIAL=true

The following options are enabled by default in clamd but ClamAV suggests

using them only for scoring.

    * Phishing=false

## [check]

The optional check section can allow skipping ClamAV check for remote connection

meeting following criteria.

- authenticated

  Default: true

  If true, messages from authenticated users will be scanned.

- private_ip

  Default: true

  If true, messages from private IPs will be scanned.

- local_ip

  Default: true

  If true, messages from localhost will be scanned.

- relay

  Default: true

  If true, messages that are to be relayed will be scanned.

## clamd.excludes

This file can contain a list of virus name patterns that when matched, are

not rejected by this plugin. An X-Haraka-Virus: header will be inserted

containing the virus name. This header can then be used for scoring

in other plugins.

The format of the file is one pattern per line. Comments are prefixed

with #. Matches are case-insensitive.

Patterns are expressed using wildcards (e.g. \* and ?) or

via regexp by enclosing the pattern in //.

To negate a match (e.g. reject if it matches), prefix the match with !.

Negative matches are always tested first.

Example:

```

# Always reject test signatures

!*.TestSig_*

# Skip all unofficial signatures

*.UNOFFICIAL

# Phishing

Heuristics.Phishing.*

```

[ci-img]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml/badge.svg

[ci-url]: https://github.com/haraka/haraka-plugin-clamd/actions/workflows/ci.yml

[clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-clamd/badges/gpa.svg

[clim-url]: https://codeclimate.com/github/haraka/haraka-plugin-clamd

[npm-img]: https://nodei.co/npm/haraka-plugin-clamd.png

[npm-url]: https://www.npmjs.com/package/haraka-plugin-clamd