Re: [Exim] Exim 4.2 and ClamAV 0.6

Author: Ben Strawson
Date:  
To: Frank DeChellis DSL
CC: exim, exim-users
Subject: Re: [Exim] Exim 4.2 and ClamAV 0.6
I recently set up ClamAV on our mail server.

Your problem with clamd.pid may be permissions based - if you look in
the log file for clamd (assuming that you have enabled a log file in
your clamd configuration), then you may see a line such as:

ERROR: Can't save PID in file /var/run/clamd.pid

- but clamd still seems to start up. Obviously you'll need to fix your
permissions appropriately to allow the file to be written to by clamav -
e.g. pre-create and chown the file.

The default exiscan configuration additions to your configure file
should let the virus scanner work. Basically there is an ACL with
"malware = *" in there. I've added "demime = *" as the recommendation
is to let exiscan take care of the demiming, rather than clamav which is
not as good (apparently).

I've also found that it was rejecting large ZIP files (only a few meg in
size though) with "file size limit exceeded", which causes exim to issue
a temporary reject. The mailing list has a solution here though:

http://www.mail-archive.com/clamav-users@lists.sourceforge.net/msg03415.html

- which worked for me, YMMV.

All in all it's working quite well, and is filtering out Worm.SCO.A.
It has let one through though which I am looking into - it was a bounce
of a bounce that still had the attachment on it (a .scr). I'm a bit
confused how it got through as our mail server rejects .scr files (among
others) without even virus scanning them (IIRC it's one of the defaults
for exiscan).

Ben.

Frank DeChellis DSL wrote:

>That's exactly what my line says.
>
>clamd is running. The log shows that it's doing its self check every hour
>and the databases are updating. What I get stuck on I guess is what you
>need to enter after the av_scanner line in the ACL section...or should it
>run like that?
>
>One thing is weird though...it doesn't create a clamd.pid file while
>running.
>
>Frank
>
>
>
>>You have these, in somewhere like "main/02_exim4-config_options", right?
>>
>>    #
>>    # ClamAV && SpamAssassin
>>    #
>>    spamd_address = 127.0.0.1 783
>>    av_scanner = clamd:/var/run/clamd.ctl

>>
>>And what part doesn't work? Have you run exim with the
>>classic debug enabled to see if it fails somewhere?
>>
>>jdl
>>
>>
>>--
>>
>>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>>
>>
>>
>>
>
>-----------------------------------------------------------------------
>Frank DeChellis
>Internet Access Worldwide
>3 East Main Street    Welland, Ontario, Canada    L3B 3W4
>905-714-1400     fax 905-732-0524
>www.iaw.com
>----------------------------------------------------------------------




--
----------------------------------------------------------------------
Ben Strawson                                    ben@???
Good Technology                                       +44 20 7565 8725
332B Ladbroke Grove, London, W10 5AH            www.goodtechnology.com
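
The pieces discussed in this thread, put together as an added example (not any poster's actual configuration): the `av_scanner` line from the quoted message plus a DATA ACL using the exiscan `demime` and `malware` conditions. The ACL name `acl_check_content` and the rejection texts are assumptions.

```exim
# --- main configuration section ---

# Socket that clamd listens on (the line quoted in the thread).
av_scanner = clamd:/var/run/clamd.ctl

# Run the ACL below after the message body has been received.
# The name acl_check_content is an assumption; use your own ACL name.
acl_smtp_data = acl_check_content

# --- ACL section ---
begin acl

acl_check_content:

  # Reject by attachment extension before any scanning. Only "scr" is
  # taken from the thread; extend with a colon-separated list as needed.
  # $found_extension holds the extension that matched.
  deny  message = Attachment type .$found_extension is not accepted
        demime  = scr

  # "demime = *" unpacks the MIME parts without matching extensions,
  # then "malware = *" passes the message to the scanner named in
  # av_scanner and matches on any detection.
  # If the scanner returns an error (such as the file size limit
  # mentioned in the post), the condition defers and the sender
  # gets a temporary reject.
  deny  message = This message contains malware ($malware_name)
        demime  = *
        malware = *

  accept
```

Running a test delivery with Exim's debug output enabled, as suggested in the quoted reply, shows whether the `malware` condition reaches the clamd socket.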

