Virustotal integration for amavisd-new
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
Jenkins 3b55d5469d Release 0.5.3 2 лет назад
amavisvt Release 0.5.3 2 лет назад
tests Fixed unpacking of single-payload mails which contain only attachments 2 лет назад
.gitignore Updated .gitignore 3 лет назад
.travis.yml Added requirements_dev.txt for development dependencies 3 лет назад
LICENSE.txt Initial commit 3 лет назад
Makefile Update Makefile 2 лет назад Fixed formatting in 2 лет назад
amavisvt_example.cfg Starting to rework amavisvt to use a daemon 3 лет назад
requirements.txt Support both, filemagic and python-magic 2 лет назад
requirements_dev.txt Added requirements_dev.txt for development dependencies 3 лет назад Don't forget packages in 3 лет назад Release 0.5.2 2 лет назад

amavisvt is a daemon to include Virustotal as an amavisd-new virus scanner by using the Virustotal Public API.

amavisvt uses memcached to reduce the number of calls to the API. While it’s possible to run amavisvt without memached, it’s strongly advised to do so. Even with memcached in place, you might hit Virustotals API limit pretty fast and amavisvt will stop detecting an new threats. If you hit Virustotal’s API limit regularly, you might want to change the API endpoint url to an alternative one (see below), which acts as a proxy and has a much higher limit.

amavisvt uses the SHA256 hash of mimeparts to fetch file scan reports from Virustotal. amavisvt does not send any content to virustotal unless you have the filename pattern detection feature enabled (see amavisvt_example.cfg for details). To reduce the number of requests to VT even further, amavisvt only asks for reports for parts whose mime type (identified by libmagic) starts with application/, image/ or are typical scripts (perl, python, shell).

In future versions, amavisvt may integrate configurable filter for the mime types and/or file extensions.

Build Status Coverage Status


If you are on Gentoo Linux, add the last hope overlay and emerge amavisvt:

layman -a last-hope
emerge app-antivirus/amavisvt -av


First, create an account on to obtain your API key. After registration, you can find it under “My API key”

amavisvt ships with an example config file. Place it in one of the following locations: /etc/amavisvt.cfg, ~/amavisvt.cfg or ./amavisvt.cfg and adjust it to your needs.

Please note, the location of memcached isn’t configurable at the moment. The instance has to run on and must accept connections from localhost.

As a last step, configure amavisd-new by adding the following snippet to either @av_scanners or @av_scanners_backup. Starting with 0.4 AmavisVT uses a daemon:

    \&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/amavisvtd.sock"],
    qr/(?:Detected as) (.*)/m,
    qr/(?:Detected as) (.*)/m],

If you feel adventurous, you can set api_url to which acts as a caching proxy for the Virustotal API and gives you a higher API limit.