RE: [Exim] Advice - Building mail platform from scratch

Author: Rene Klootwijk
Date:  
To: 'Exim Users'
Subject: RE: [Exim] Advice - Building mail platform from scratch
>
> The great advantage of using Exiscan to do your anti-virus
> checking is that it allows you to reject viruses at the smtp
> conversation stage. Done properly, this drastically reduces
> the number of spurious NDRs that you generate, for one thing.
>
> There are issues to be aware of with this approach: load and
> timeouts, mostly. You may want to have the virus scanner
> (e.g. clamav) listening on a dedicated host.


Exiscan does not support running clamav (clamd), or any of the other
virus scanners as far as I know, on a remote host. The reason for this is
that it passes the location of the directory (e.g.
/var/spool/exim/scan/<messageid>/) where the temporary mail spool file
(<messageid>.eml) and any demimed files are stored, to the virus scanner
without sending the files themselves (issuing the SCAN option of clamd) and
obviously a remote clamd cannot access these files. To run clamd on a remote
host the files themselves need to be sent to clamd (issuing the STREAM
command to clamd). I quickly patched exiscan to do just that and it seems to
work; however, because it was done quickly, most of the code needs to be
improved to make it foolproof.

To reduce the load another enhancement can be made to exiscan (when running
clamd on the same host). When the demime option is used before checking for
malware, everything is checked twice. Because the directory of the temporary
files is passed to clamd, everything in it will be scanned, meaning the mail
spool file and again all MIME parts generated by the demime command.

--
René.