ClamAV blocks a certain user's mail

ericosman

Verified User
Joined
Nov 25, 2019
Messages
12
Hi,

I was installing ClamAV today, and to test it I downloaded the eicar.com test virus.
But after ClamAV found that virus, it started to block all incoming and outgoing mails from a certain domain...

Is there a way to remove this domain from the "bad" list?

Thanks in advance!
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
670
Location
Murfreesboro
This should get you close.
If you want Rspamd, replace spamassassin with rspamd.

Code:
cd /usr/local/directadmin/custombuild
./build update
./build clean
./build set eximconf yes
./build set eximconf_release 4.5
./build set blockcracking yes
./build set easy_spam_fighter yes
./build set spamd spamassassin
./build set exim yes
./build set dovecot yes
./build set clamav yes
./build set dovecot_conf yes
./build curl
./build zlib
./build pcre2
./build exim
./build dovecot
./build spamassassin
./build blockcracking
./build easy_spam_fighter
./build exim_conf   
./build dovecot_conf
 

ericosman

Verified User
Joined
Nov 25, 2019
Messages
12
What cmds did you run?
This is what I did:


# cd /usr/local/directadmin/custombuild
# ./build update
# ./build set clamav yes
# ./build clamav

How to update clamav database?
# sudo freshclam

./build exim_conf


But if I run the code you sent me, I'll change a lot of settings, but will this remove the account from the blacklist? Or will this change the way ClamAV reacts when detecting a virus?
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
670
Location
Murfreesboro
I wasn’t sure of what you had run. Wanted to make sure you had something that would cover you to correct the system to work.

If you think your server is on a blacklist, that is something else. Have you run blacklist checks? Go to the How To section and get my doc and see.
 

ericosman

Verified User
Joined
Nov 25, 2019
Messages
12
According to MXToolbox I'm on 0 blocklists. So this has to be a local issue, I guess.

On other domains / accounts I can send mails and receive them. It's just one account / domain I can't.
 

ericosman

Verified User
Joined
Nov 25, 2019
Messages
12
This is what I get when I try to send mails to the specific account:

550 authentication required

Connecting to [my-ip]

220 srv1.mydomain.com ESMTP Exim 4.92.3 Sat, 07 Dec 2019 16:06:49 +0100 [672 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-srv1.mydomain.com Hello keeper-us-east-1b.mxtoolbox.com [52.55.244.91]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP [687 ms]
MAIL FROM:<supertool@mxtoolbox.com>
250 OK [687 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
550 authentication required [729 ms]

LookupServer 4016ms
 

ericosman

Verified User
Joined
Nov 25, 2019
Messages
12
When I SSH (with root acc) into
/etc/virtual/blacklist_domains

I get Access denied 😅
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,936
Location
GMT +7.00
Actually, I have never seen ClamAV block email accounts in DirectAdmin. It has probably been blocked for some other reason. Server logs might give more information: /var/log/directadmin/
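
An added example, not posted by anyone in this thread: a shell check for whether a domain appears as a whole entry in a list file such as /etc/virtual/blacklist_domains. It assumes the file holds one domain per line; the function names and example.com are placeholders.

```shell
#!/bin/sh
# Added example. Assumption: the list file is plain text, one domain per line.

# domain_listed DOMAIN FILE
# Returns 0 if DOMAIN is a whole entry in FILE, 1 if it is not,
# 2 if DOMAIN is empty or FILE cannot be read.
# Ignores case, surrounding whitespace, CRs, blank lines and '#' comments.
# Substrings do not count: "example.com" does not match "notexample.com".
domain_listed() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    file=$2
    [ -n "$domain" ] || return 2
    [ -r "$file" ] || return 2
    tr -d '\r' < "$file" \
        | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr '[:upper:]' '[:lower:]' \
        | grep -Fxq -- "$domain"
}

# report_domain DOMAIN FILE...
# Prints one status line per file, so several list files can be checked at once.
report_domain() {
    d=$1
    shift
    for f in "$@"; do
        rc=0
        domain_listed "$d" "$f" || rc=$?
        case $rc in
            0) echo "listed: $f" ;;
            1) echo "not listed: $f" ;;
            *) echo "unreadable: $f" ;;
        esac
    done
}

# Usage (run as root on the mail server; example.com is a placeholder):
#   report_domain example.com /etc/virtual/blacklist_domains
```
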
 