Re: [Exim] ClamAV Problem

Author: Oliver Eikemeier
Date:  
To: Sheldon Hearn
CC: exim-users
Subject: Re: [Exim] ClamAV Problem
Sheldon Hearn wrote:

> On (2003/10/16 17:12), Wolf-Guido Lutz wrote:
>
>
>>I have updated to Exim 4.24 recently with exiscan, clamav and spamassassin.
>>Now when I enable antivirus scanning in exim's configure file, I get
>>
>>2003-10-16 16:55:37 1AA9XN-0000Gd-0n malware acl condition: clamd: ClamAV
>>returned /var/spool/exim/scan/1AA9XN-0000Gd-0n: Can't access the file ERROR
>
>
> Here's my ClamAV configuration checklist. It's FreeBSD-specific, but
> about the only things that affects are directory paths and usernames.
> Adjust accordingly.
>
> Ciao,
> Sheldon.
> --
> http://starjuice.net/
>
> --------------------------------------------------------------------------
> The following steps will enable clamd malware scanning using exiscan ACLs.
> It is important to follow them in sequence.
>
> * Install security/clamav from the ports tree.
>
> * Add user clamav to the mail group in /etc/group.
>
> *  Create /var/log/clamav and /var/run/clamav, and change the ownership
>    of both to clamav:clamav.


pkg-install has done this since 1.4:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/clamav/pkg-install.diff?r1=1.3&r2=1.4&f=h
Nevertheless, it's a good idea to check.

> * In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd
>
> *  Adjust the exiscan ACLs in Exim's configure file.  Make sure you use
>    the demime option with the malware check, e.g.:
>
>    deny message = This message contains malware ($malware_name)
>     demime  = *
>     malware = *
>
> * Edit clamav.conf as follows:
>
>     LogFile /var/log/clamav/clamd.log
>     PidFile /var/run/clamav/clamd.pid
>     LocalSocket /var/run/clamav/clamd
>     User clamav
>     AllowSupplementaryGroups
>     ScanArchive
>
>    You may wish to make other changes as well.
>
> *  Install the shell script included at the end of these instructions as
>    /usr/local/etc/rc.d/clamd.sh, taking care to make it executable.


I've contributed an rc.ng script to security/clamav:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/clamav/files/clamd.sh

So you can remove that line and the sample script. You should check for
clamd_enable="YES"
in /etc/rc.conf, though.


Regards
    Oliver
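
The following script is an added example, not part of either message or of the FreeBSD port. It checks the settings the checklist names: clamd runs as user clamav, so it reaches Exim's scan directory only through membership of the mail group, and the socket in av_scanner has to be the one clamd listens on. Function names are hypothetical, and the four files are passed as arguments because the thread does not say where clamav.conf and Exim's configure file live.

```shell
#!/bin/sh
# Added example (not from the thread): verify the checklist's settings.

# True if FILE ($1) has an uncommented directive NAME ($2), optionally VALUE ($3).
has_directive() {
    awk -v n="$2" -v v="${3-}" '
        $1 == n && (v == "" || $2 == v) { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# True if USER ($3) is a listed member of GROUP ($2) in a group(5) file ($1).
user_in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# True if Exim's av_scanner socket ($1 = configure) equals clamd's LocalSocket ($2).
socket_paths_match() {
    exim_sock=$(sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*clamd:\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
    clam_sock=$(awk '$1 == "LocalSocket" { print $2; exit }' "$2")
    [ -n "$exim_sock" ] && [ "$exim_sock" = "$clam_sock" ]
}

# True if rc.conf ($1) enables clamd.
clamd_enabled() {
    grep -Eq '^[[:space:]]*clamd_enable="?[Yy][Ee][Ss]"?' "$1"
}

# Print one line per check; return the number of failed checks.
check_all() {
    group_f=$1 clam_f=$2 exim_f=$3 rc_f=$4 fails=0
    report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fails=$((fails + 1)); fi; }
    report user_in_group "$group_f" mail clamav
    report has_directive "$clam_f" User clamav
    report has_directive "$clam_f" AllowSupplementaryGroups
    report has_directive "$clam_f" ScanArchive
    report socket_paths_match "$exim_f" "$clam_f"
    report clamd_enabled "$rc_f"
    return "$fails"
}

# Usage: sh check.sh /etc/group <clamav.conf> <exim configure> /etc/rc.conf
if [ "$#" -eq 4 ]; then check_all "$@"; else echo "usage: $0 GROUP CLAMAV_CONF EXIM_CONF RC_CONF" >&2; fi
```

It does not check the ownership of /var/log/clamav and /var/run/clamav; `ls -ld` on both covers that step.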