postal icon indicating copy to clipboard operation
postal copied to clipboard
verified publisher icon postalserver

X-Postal-Threat header fix and X-Virus-Status header added

Open ripkens opened this issue 8 years ago • 17 comments

To have the X-Postal-Threat header set to be true if ClamAV finds a Threat, one Line has to be changed in /app/jobs/unqueue_message_job.rb Line 132

Old: "X-Postal-Threat: #{queued_message.message.threat == 1 ? 'yes' : 'no'}" New: "X-Postal-Threat: #{queued_message.message.threat ? 'yes' : 'no'}"

The Problem is, that the mail inspection returns "true" or "false" not 1 or 0

Additionaly, an extra header should be added:

"X-Virus-Status: #{queued_message.message.threat_details}"

ripkens avatar Nov 18 '17 21:11 ripkens

I don't think that message.threat returns a boolean. It comes straight from the database untouched so it should be 1 or 0. I'd need to look into this a little further to see what it does. If it does what I think, this would mark all messages as threats.

adamcooke avatar Nov 21 '17 13:11 adamcooke

I checked this already.

If you check for '1', it returns always "x-postal-threat no" even if a threat is found.

If you check if its boolean true, it works as expected. If a threat is found it reports yes, if not it reports no.

ripkens avatar Nov 22 '17 08:11 ripkens

I can confirm that this pull request fixes the issue with it always reporting no

tankerkiller125 avatar Jun 01 '18 14:06 tankerkiller125

Related to #1293 I think actually it need reject sending of email

dragoangel avatar Feb 12 '21 10:02 dragoangel

Hi when i change the /app/jobs/unqueue_message_job.rb Line 132 from Old: "X-Postal-Threat: #{queued_message.message.threat == 1 ? 'yes' : 'no'}"
to New: "X-Postal-Threat: #{queued_message.message.threat ? 'yes' : 'no'}" also line

"X-Virus-Status: #{queued_message.message.threat_details}" is added as per above discussion.

I get the nginx 502 bad gateyway error and I am not able to access the postal GUI. And when i revert back to the old config then the error is gone and i am able to access Postal GUI.

When I run postal status, web and worker are in failed state. Can any one guide me on this ?

gitaayush avatar Mar 30 '21 07:03 gitaayush

@gitaayush forget about it, it anyway not reject viruses, useless

dragoangel avatar Mar 30 '21 08:03 dragoangel

@tankerkiller125 has verified the pull request fixes the issues.

@dragoangel you are saying that clamav only detects viruses and does not rejects the virus ?

gitaayush avatar Mar 30 '21 08:03 gitaayush

@gitaayush in result - yes, but logic are another: postal send mgs data to clamav tcp port, clamav scan the data and return result. Based on that result postal only add header and do nothing else. I tried add logic to reject any viruses by myself but it broken in multiple places and my ruby understanding isn't on that level to get it works correctly. More over clamav is heavy, without caching and reusing scan results (storing md5 of scanned msg body and attachment and scan results in some redis etc) it performance suicide to run this.

dragoangel avatar Mar 30 '21 08:03 dragoangel

@dragoangel so is there any other way for including antivirus in postal ??. Hope spamassassin does its job unlike clamav.

gitaayush avatar Mar 30 '21 10:03 gitaayush

@gitaayush there no other way to include av in postal. Spamassassin can't fwd mail to clamav it only analyze mgs by rules and can do some sort of simple bayes. If postal for example support rspamd then yep - rspamd have options to integrate with av on his side and rspamd use caching of scan results. But not think that postal can be integrated with rspamd without big code changes.

dragoangel avatar Mar 30 '21 10:03 dragoangel

@dragoangel thank you for your clarification, I am only using my postal as a mass relay server. I wont need incoming emails, I will need outgoing emails. Postal has stated unlimited emails per hour. Is it correct ?

gitaayush avatar Mar 30 '21 10:03 gitaayush

@gitaayush The issue for my point of view that good mta must not only block unacceptable incoming mail, but also outgoing. In case your service will become compromised due to credentials leak or software vulnerability spam and av checking of outgoing traffic can save from getting in really big issues. Of course it will not block all spam, but at least it will block most agresive part of it.

dragoangel avatar Mar 30 '21 11:03 dragoangel

merge this, please!

tarikdevapp avatar Sep 08 '21 14:09 tarikdevapp

I am having the same issue, please, merge this!

tarikdevapp avatar Sep 08 '21 14:09 tarikdevapp

Confirming the original post fixes the X-Postal-Threat header. This needs merged or the scanning makes no sense.

nextlogic-ono avatar Mar 19 '22 17:03 nextlogic-ono

Is it now possible to merge this? Thanks a lot! :-)

PS: I am interested in contributing by updating the Postal official documentation to reflect my findings and provide additional guidelines from info I had to collect through Github or 3rd parties. How to do that?

kfabien avatar Jun 16 '22 16:06 kfabien

@kfabien you can make a PR to the docs repo to update the documentation, I'm not sure when this will be merged though.

willpower232 avatar Jun 16 '22 16:06 willpower232

Unfortunately, both @ripkens and @adamcooke are correct.

2.7.7 :013 > message = Server.last.message_db.message(1)
2.7.7 :014 > message.threat
 => 0 
2.7.7 :016 > message.inspect_message
2.7.7 :017 > message.threat
 => false

This does need to be fixed, but the fix presented here isn't the full story. A quick fix would be to check for both 1 and true but there's probably a better way to tidy this situation up.

catphish avatar Mar 13 '23 14:03 catphish

Thank you for raising this. I'm closing this PR but the fix will be incorporated into this larger PR which solves the underlying problem of booleans in the message database: https://github.com/postalserver/postal/pull/2380

catphish avatar Mar 16 '23 16:03 catphish