Clamav: result - FAILED with error: "failed to scan and retransmits exceed - score: 0"

Hi @stephdl. Sorry for the noise: that 2GB machine is not involved with the problem reported here (even if it also hosts a mail server). The 7 load was temporary, due to a hung process, which happens when you use the terminal in cockpit and forget to close it properly.

I’m positive that it is not a resource problem.

Now everything is ok. Just for the record @Andy_Wismer: that machine works perfectly for more than three years now and last time I checked its uptime was > 400 days. It’s playing with the limits, sure, but it works.

Salut @pagaille

I’m not saying the machine is overloaded or whatever.
For low power stuff, I also have 1-2 APU4d4 with 2 / 4 GB RAM and 120 / 500 GB SSD.
Yeah, it also has Nextcloud installed, mail, files, Zabbix et al.

It’s stable, and can have long uptimes, no issues also with updates.

And I can log into Nextcloud, sure.

But it’s certainly not fast nor “running”!

It also has to do with economics. The small box isn’t important, it’s mainly for testing, seeing how far things can be taken. If people (users) are using such a system, and they lose 30 minutes a day that sounds not so bad. However, if those people earn 10K a month, it does add up!
Saving 200 bucks on hardware, but spending annually 10K on unused worktime, is simply not efficient! Saving money in the wrong place.

For fun, it’s OK. If it serves commercial uses, you may need to calculate a bit more!

That’s all I intended to point out.

My 2 cents
Andy

Hi @filippo_carletti
Do you have any document or guide to make this template? I have the same problem with the timeout.

Thank you!

A fix is on the way, so maybe just wait for the next update…

Creating custom templates is really simple, you can find instructions in the developer docs.

In this case create the custom template dir:

mkdir -p /etc/e-smith/templates-custom/etc/rspamd/local.d/antivirus.conf

Copy the fragment:

cp /etc/e-smith/templates/etc/rspamd/local.d/antivirus.conf/10base /etc/e-smith/templates-custom/etc/rspamd/local.d/antivirus.conf/

Edit the copied custom template fragment /etc/e-smith/templates-custom/etc/rspamd/local.d/antivirus.conf/10base to fit your needs.

Apply configuration and restart services:

signal-event nethserver-mail-filter-update

Don’t forget to remove the custom template again when the update is available.

3 Likes

An update is already available from the testing repository. Please don’t create a custom template.

3 Likes

@filippo_carletti

Hi. Some new messages after installing this update. (and without custom template)
Related?

I just saw that the email with the attachment arrived.
It is a password protected zip file, inside an xls file with a macro virus.

I seem to remember that zip files with passwords not being scanned by clamav were rejected? (although I think I’m confused with another case).

Regards

oletools unable to scan files with supported extensions is normal behaviour.
If an attachment has a filename extension or type listed in /etc/rspamd/local.d/external_services.conf we try to find dangerous macros. Sometimes, if the file type doesn’t match the extension oletools can’t scan for macros.

Password-protected zip files are scanned and delivered: password protecting is a common way to bypass filters.
I’m aware that malware is being distributed as pass-protected zip with the password written into the email body.

2 Likes
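An added example, not part of the thread and not NethServer, rspamd or oletools code: a triage function that reports the two conditions discussed above, a file type that does not match its extension and a zip whose members are flagged as encrypted. The extension sets and the `make_sample_zip` helper are assumptions for illustration (the sample only sets the encryption flag on a constructed archive); the lists in `/etc/rspamd/local.d/external_services.conf` may differ.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # zip, also .docx/.xlsm etc.
# Assumed extension sets, not the ones from external_services.conf
OLE2_EXT = {"doc", "xls", "ppt"}
OOXML_EXT = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm"}

def ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def triage(filename, data):
    """Collect facts a filter can use without knowing the zip password."""
    kind = ("ole2" if data.startswith(OLE2_MAGIC)
            else "zip" if data.startswith(ZIP_MAGIC) else "other")
    e = ext(filename)
    expected = ("ole2" if e in OLE2_EXT
                else "zip" if e in OOXML_EXT | {"zip"} else None)
    report = {"kind": kind,
              "mismatch": expected is not None and expected != kind,
              "encrypted": [], "office_members": []}
    if kind == "zip":
        # Member names stay readable in ordinary password-protected zips,
        # so the central directory can be listed without decrypting anything.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0: member is encrypted
                    report["encrypted"].append(info.filename)
                if ext(info.filename) in OLE2_EXT | OOXML_EXT:
                    report["office_members"].append(info.filename)
    return report

def make_sample_zip(member, payload, encrypted=False):
    """Constructed input: a stored zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # General purpose flags sit 8 bytes into the central directory entry
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)

if __name__ == "__main__":
    print(triage("invoice.zip", make_sample_zip("invoice.xls", b"constructed", True)))
    print(triage("report.xls", make_sample_zip("sheet.xml", b"constructed")))
```
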

Same.