Open mick58 opened 7 years ago
I've recently changed the starting script. Before, I started it manually. Now I am starting it with a proper init.d script and update-rc.d.
#! /bin/sh
### BEGIN INIT INFO
# Provides: amavisvt
# Required-Start: $remote_fs $all
# Required-Stop:.
# Should-Start:......
# Should-Stop:.......
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts amavisvt
# Description: Launches the Amavis Virus Total
### END INIT INFO
# Some things that run always
AMP="/usr/local/lib/python2.7/dist-packages/amavisvt-0.5.3-py2.7.egg/amavisvt"
PY="/usr/bin/python2.7"
# Carry out specific functions when asked to by the system
case "$1" in
start)
echo "Starting amavisvtd"
cd $AMP
$PY $AMP/amavisvtd.py --socket /run/amavisvtd.sock &
sleep 3
chown amavis:amavis /run/amavisvtd.sock
;;
stop)
echo "Stopping amavisvtd"
pkill -f amavisvtd
rm -f /run/amavisvtd.sock
;;
*)
echo "Usage: /etc/init.d/amavisvt {start|stop}"
exit 1
;;
esac
exit 0
This script is not perfect: chown amavis:amavis /run/amavisvtd.sock somehow does not work. I tried su, sudo, start-stop-daemon. This part is still "manual".
The Virustotal API is not only limited by the total number of requests per day, but also in a one-minute window:
is limited to at most 4 requests of any nature in any given 1 minute time frame.
Please make sure that the number of requests per minute is below that threshold.
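One way a client could stay under the per-minute limit described above, shown as an added example that is not amavisvt's code. It is written for Python 3; `SlidingWindowLimiter` and `simulate` are hypothetical names, and the arrival times are constructed.

```python
import time
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests in any `window`-second span."""

    def __init__(self, limit=4, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()  # send times still inside the window

    def delay(self):
        """Seconds until the next request may go out (0.0 if allowed now)."""
        now = self.clock()
        # Assumption: the window is half-open, so a request exactly
        # `window` seconds old no longer counts against the limit.
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) < self.limit:
            return 0.0
        return self.window - (now - self.sent[0])

    def acquire(self, sleep=time.sleep):
        """Wait for a free slot, then record the request."""
        wait = self.delay()
        if wait > 0:
            sleep(wait)
            self.delay()  # drop the entry that has just expired
        self.sent.append(self.clock())


def simulate(arrivals, limit=4, window=60.0):
    """Replay constructed arrival times on a fake clock; return send times."""
    now = [0.0]

    def fake_sleep(seconds):
        now[0] += seconds

    limiter = SlidingWindowLimiter(limit, window, clock=lambda: now[0])
    sent = []
    for t in arrivals:
        now[0] = max(now[0], t)  # a file cannot be sent before it arrives
        limiter.acquire(sleep=fake_sleep)
        sent.append(now[0])
    return sent


if __name__ == "__main__":
    # Constructed burst: six files arriving one second apart.
    print(simulate([0, 1, 2, 3, 4, 5]))
```

The fifth and sixth files of the burst are held back until the oldest requests leave the window, instead of failing with a limit error.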
It could be. What do you think about my starting script? Any trick to make amavisvt.sock owned not by root but amavis?
cheers Miki
2017-11-02 9:47 GMT+00:00 Johann Schmitz notifications@github.com:
The Virustotal API is not only limited by the total number of requests per day, but also in a one-minute window:
is limited to at most 4 requests of any nature in any given 1 minute time frame.
Please make sure that the number of requests per minute is below that threshold.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ercpe/amavisvt/issues/7#issuecomment-341368958, or mute the thread https://github.com/notifications/unsubscribe-auth/AXYqztckgF7LLHpsGPL68s9TpY-yvbeyks5syY-2gaJpZM4QPYcd .
The socket is probably owned by root because the script is started as root. Try something like sudo -u amavis $PY $AMP/amavisvtd.py --socket /run/amavisvtd.sock (first make sure the socket doesn't already exist).
I've tried that, but then there is something wrong with the quotation marks, because sudo will never take the full command as input 'amavis $PY $AMP/amavisvtd.py --socket /run/amavisvtd.sock'. Nothing worked. Am I stupid :D ??
cheers Miki
2017-11-02 10:52 GMT+00:00 Johann Schmitz notifications@github.com:
The socket is probably owned by root because the script is started as root. Try something like sudo -u amavis $PY $AMP/amavisvtd.py --socket /run/amavisvtd.sock (first make sure the socket doesn't already exist).
Also, sometimes I am sending one message with just a plain body, no attachments, but somehow amavisvt is sending a few files for scanning. I wonder what they are?
cheers Miki
Try it without quotes as the init script is basically just a shell script. Also: which OS? Maybe it's safer to use the init system's daemon handler to launch it.
amavisvt works on mail parts. When you send a (HTML) mail, you typically send two parts: a plain text part and an HTML part. Each image / attachment adds another part. amavisvt has a hardcoded list of mimetypes which are sent to VT; so even if the mail looks "text only" (except when it's actually a plain text mail) multiple parts may be sent to Virustotal.
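The part structure described above, shown as an added example that is not amavisvt's code. Both messages are constructed samples, `SCAN_TYPES` is a hypothetical allowlist standing in for amavisvt's hardcoded list (which is not shown in this thread), and the code is written for Python 3.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical allowlist, for illustration only; it is NOT amavisvt's list.
SCAN_TYPES = {"text/html", "image/png", "application/pdf"}


def _envelope():
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "hi"
    return msg


def html_mail():
    """Constructed sample: what an HTML mail client sends for a short note."""
    msg = _envelope()
    msg.set_content("See you at 10.")                      # text/plain part
    msg.add_alternative('<p>See you at 10.</p><img src="cid:sig">',
                        subtype="html")                    # text/html part
    # Inline signature image; the payload is just a PNG magic number.
    msg.get_payload()[1].add_related(b"\x89PNG\r\n\x1a\n", "image", "png",
                                     cid="<sig>")
    return msg.as_bytes()


def plain_mail():
    """Constructed sample: a genuine plain text mail with a single part."""
    msg = _envelope()
    msg.set_content("See you at 10.")
    return msg.as_bytes()


def leaf_types(raw):
    """Content types of all non-container parts, in document order."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]


def scan_candidates(raw, scan_types=SCAN_TYPES):
    """Leaf parts whose type is on the allowlist and would be submitted."""
    return [t for t in leaf_types(raw) if t in scan_types]


if __name__ == "__main__":
    for name, raw in (("html", html_mail()), ("plain", plain_mail())):
        print(name, leaf_types(raw), "->", scan_candidates(raw))
```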
Debian. Yesterday I spent 2 hours on that with no success. Even sleep and chown amavis:amavis amavisvt.sock is not working in auto startup mode; it's working well when you start it from the finger.
2017-11-02 16:20 GMT+00:00 Johann Schmitz notifications@github.com:
Try it without quotes as the init script is basically just a shell script. Also: which OS? Maybe it's safer to use the init system's daemon handler to launch it.
amavisvt works on mail parts. When you send a (HTML) mail, you typically send two parts: a plain text part and an HTML part. Each image / attachment adds another part. amavisvt has a hardcoded list of mimetypes which are sent to VT; so even if the mail looks "text only" (except when it's actually a plain text mail) multiple parts may be sent to Virustotal.
Amavis by default quarantines many extensions (executables, for example). Can we have more control over what is sent to virustotal for scanning, so we skip scanning files that will be quarantined anyway?
cheers Miki
But if I log in to virustotal, there are only 300 requests for today.
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/amavisvt-0.5.3-py2.7.egg/amavisvt/client.py", line 529, in check_vt
    raise Exception("API-Limit exceeded!")
Exception: API-Limit exceeded!
2017-11-02 09:01:37,514 ERROR [Thread-105] Error asking virustotal about files
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/amavisvt-0.5.3-py2.7.egg/amavisvt/client.py", line 529, in check_vt
bash: 2017-11-02: command not found
    raise Exception("API-Limit exceeded!")
Exception: API-Limit exceeded!
root@smtp:/var/log# Traceback (most recent call last):
bash: syntax error near unexpected token `most'
root@smtp:/var/log# File "/usr/local/lib/python2.7/dist-packages/amavisvt-0.5.3-py2.7.egg/amavisvt/client.py", line 529, in check_vt
bash: File: command not found
root@smtp:/var/log# raise Exception("API-Limit exceeded!")
bash: syntax error near unexpected token `('
root@smtp:/var/log# Exception: API-Limit exceeded!
bash: Exception:: command not found
root@smtp:/var/log# 2017-11-02 09:01:37,514 ERROR [Thread-105] Error asking virustotal about files
bash: 2017-11-02: command not found
root@smtp:/var/log# Traceback (most recent call last):
bash: syntax error near unexpected token `most'
root@smtp:/var/log# File "/usr/local/lib/python2.7/dist-packages/amavisvt-0.5.3-py2.7.egg/amavisvt/client.py", line 529, in check_vt
bash: File: command not found
root@smtp:/var/log# raise Exception("API-Limit exceeded!")
bash: syntax error near unexpected token `('
root@smtp:/var/log# Exception: API-Limit exceeded!
bash: Exception:: command not found