Just a quick one today. It seems to be a recurring problem for me that every once in a while I want to go into Amavisd-new’s quarantine and look for false positives (not that there should be any if it’s set up right). There are a number of graphical ways of doing this, but most of them aren’t available in the Ubuntu repositories. The 2 that I could find are Horde-sam and Webmin’s Clamav module (which I have used before and is pretty easy to use if you are command-line averse). I didn’t want to add another service, in order to keep resource usage as low as possible, so I set about finding a way to check each email from the command line.
So firstly, to cycle through every quarantined email, use the following command in the quarantine directory (normally /var/lib/amavis/virusmails in Ubuntu):
find |xargs less
To explain what the command does: we are using find to display the names of all files, sub-directories and files in sub-directories, which are passed through a pipe to xargs, which in turn passes the filenames as arguments to less. We need to use less to view the files as some are stored gzipped to save space in the quarantine. To move to the next file, use ":n" in less.
Once you are confident you have evaluated any false positives, you can delete all the files in the quarantine similarly using find and xargs, but this time passing to rm. It goes without saying this is an EXTREMELY dangerous command if run from the wrong directory, so please be careful!
find |xargs rm
This will leave the directory structure for the quarantine intact.
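The review and clean-up steps above, written as two shell functions with a directory guard on the delete. This is an added example, not part of the original post; it assumes GNU gzip and awk are installed, and QDIR, quarantine_summary and quarantine_purge are names made up here.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: QDIR defaults to the Ubuntu path named in the post.
QDIR="${QDIR:-/var/lib/amavis/virusmails}"

# Print "file<TAB>From<TAB>Subject" for each quarantined message, reading
# gzipped and plain files alike, so candidates can be picked before paging.
quarantine_summary() {
    [ -d "$QDIR" ] || { echo "no such directory: $QDIR" >&2; return 1; }
    # Line-based read: handles spaces in names, not embedded newlines.
    find "$QDIR" -type f | sort | while IFS= read -r f; do
        # gzip -cdf decompresses .gz files and copies plain files unchanged.
        gzip -cdf -- "$f" 2>/dev/null | F="$f" awk '
            { sub(/\r$/, "") }                 # tolerate CRLF line endings
            /^$/ { exit }                      # blank line ends the headers
            tolower($0) ~ /^from:/ && from == "" {
                from = $0; sub(/^[^:]*:[ \t]*/, "", from) }
            tolower($0) ~ /^subject:/ && subj == "" {
                subj = $0; sub(/^[^:]*:[ \t]*/, "", subj) }
            END { printf "%s\t%s\t%s\n", ENVIRON["F"], from, subj }'
    done
}

# Delete regular files below the current directory, but only when the current
# directory really is QDIR. Directories are never passed to rm.
quarantine_purge() {
    want=$(cd "$QDIR" 2>/dev/null && pwd -P) || {
        echo "QDIR not found: $QDIR" >&2; return 1; }
    here=$(pwd -P)
    [ "$here" = "$want" ] || {
        echo "refusing: $here is not $want" >&2; return 1; }
    find . -type f -exec rm -f -- {} +
}
```

Source the file, run quarantine_summary to pick out likely false positives, then cd into the quarantine and run quarantine_purge once the review is done.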
Hope this helps someone looking for a simple, no fuss, low resource way to manage a small amavisd-new quarantine.