Re: [exim] Exim and clamav

Author: fhuet
Date:  
CC: exim-users
Subject: Re: [exim] Exim and clamav
Thomas Hager wrote:

>On Fri, 2005-03-04 at 12:28 +0100, fhuet wrote:
>
>
>>In fact, in my exim4.conf, i have this yet :
>>acl_smtp_data = check_message
>>
>>
>and what did the check_message acl look like?
>
>
>
>>then I changed as you said. But now, all mails are rejected :
>>
>>2005-03-04 12:24:58 1D7AvQ-0006yg-Hy
>>H=21.red-213-98-160.pooles.rima-tde.net (mail.mysociety.com)
>>[213.98.160.21] F=<silvia38@???> rejected after DATA
>>2005-03-04 12:24:59 1D7AvS-0006yj-KW H=vg1.xxx.com [62.23.133.253]
>>F=<info@???> rejected after DATA
>>2005-03-04 12:24:59 1D7AvS-0006yi-Gh H=(mail.mysociety.com)
>>[213.171.224.44] F=<clientes@???> rejected after DATA
>>2005-03-04 12:25:02 1D7AvV-0006yn-MU H=(sunxx97.xxxx.net)
>>[209.207.134.250] F=<3.7m@23.97g> rejected after DATA
>>
>>
>looks like you forgot to add the final "accept" keyword to the
>acl_clamav ACL.
>
>hth,
>tom.
>
>
>

Here is the acl conf (be careful, it's a bit tumble!):

#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#


#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  deny    hosts = +rbl_hosts
          message = host is listed in $dnslist_domain
          dnslists = rbl.mail-abuse.org
  warn    hosts = +rbl_hosts
          message = X-Warning: $sender_host_address is listed at $dnslist_domain
          dnslists = dialups.mail-abuse.org
  accept  domains = +local_domains
  accept  domains = +relay_domains
  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted


# OLD SECTION
#!!# ACL that is used after the DATA command
#check_message:
# accept
#########

#!!# ACL that is used after the DATA command
#check_message:
#accept
#require verify = header_sender

##### clamav ACL, reject virus infected mails with proper error
acl_clamav:
  deny message = virus no good, go home!
       malware = *
        demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
  accept
#deny message = This message contains malformed MIME ($demime_reason).
   #demime = *
   #condition = ${if >{$demime_errorlevel}{2}{1}{0}}


# Deny viruses.
#deny message = Message contains malware or a virus ($malware_name).
# log_message = $sender_host_address tried sending $malware_name
#demime = *
#malware = *

#deny message = Potentially executable content. If you meant to send this file \
#then please package it up as a zip file and resend it.
        demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc


# Add X-Scanned Header

warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

##### end clamav ACL

acl_check_data:

# Redirect suspicious mail to /var/spool/exim4/quarantaine
warn message = X-Redirect-To: quarantaine@localhost
demime = com:vbs:bat:cmd:pif:scr:exe

# Tag the mail header
warn message = Nom du virus detecte ($malware_name)
malware = *

# Redirect mail containing unknown MIME types and mail containing viruses.
warn message = X-Redirect-To: quarantaine@localhost
demime = *
malware = *

# Tag the header of spam mail
warn message = X-Spam-Score: pfrsmtp01 $spam_score ($spam_bar)
spam=nobody:true

# Tag the Subject of the mail with *SPAM* to identify it clearly.
warn message = Subject: *SPAM* $h_Subject
spam=nobody

# Redirect mail with a spam score above 8 (multiplied by 10)
# By default, SpamAssassin will delete scores above 5.
warn message = X-Redirect-To: quarantaine@localhost
spam=nobody:true
condition = ${if >{$spam_score_int}{80}{1}{0}}

# Add Message-ID if missing
warn condition = ${if !def:h_Message-ID: {1}}
hosts = +relay_from_hosts
message = Message-ID: <E$message_id@$primary_hostname>

# Deny unless the address list headers are syntactically correct.
#
# This is disabled by default because it might reject legitimate mail.
# If you want your system to insist on syntactically valid address
# headers, you might want to enable the following lines.
# deny message = Message headers fail syntax check
# !acl = acl_whitelist_local_deny
# !verify = header_syntax

# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
# deny message = No verifiable sender address in message headers
# !acl = acl_whitelist_local_deny
# !verify = header_sender

# accept otherwise
accept




--
Franck Huet
Unix Administrator
Boursorama
Tel : 01-46-09-48-17
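
Added example (not part of the original message and not Exim code): a small Python check that groups ACL lines the way Exim does, where comment lines are ignored and every non-verb line is a condition of the verb before it, and flags an ACL that can run off its end, which Exim treats as a deny. The sample text is constructed, reduced from the acl_clamav block above; the function names and the modifier subset are assumptions of this example.

```python
import re

VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}
TERMINAL = VERBS - {"require", "warn"}   # verbs that can end ACL processing
# Modifiers never make a statement conditional (subset, enough for this sample).
MODIFIERS = {"message", "log_message", "logwrite", "control", "delay", "set", "endpass"}

# Constructed sample, reduced from the acl_clamav block posted above.
SAMPLE = """\
acl_clamav:
  deny message = virus no good, go home!
       malware = *
        demime = exe:scr:vbs
  accept
#deny message = This message contains malformed MIME ($demime_reason).
        demime = exe:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail
acl_check_data:
  warn message = X-Redirect-To: quarantaine@localhost
       demime = com:vbs:bat
  accept
"""

def parse_acls(text):
    """Return {acl_name: [(verb, [condition lines])]} using Exim's grouping rule."""
    # Comment and blank lines are dropped first, then "\" continuations are joined.
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\s*\n\s*", "", "\n".join(lines)).splitlines()
    acls, current = {}, None
    for raw in joined:
        line = raw.strip()
        if re.fullmatch(r"[A-Za-z_][\w-]*:", line):   # "name:" starts a new ACL
            current = acls.setdefault(line[:-1], [])
            continue
        parts = line.split(None, 1)
        if current is None or not parts:
            continue
        if parts[0] in VERBS:                          # a verb starts a new statement
            current.append((parts[0], parts[1:]))
        elif current:                                  # any other line is a condition
            current[-1][1].append(line)                # of the statement before it
    return acls

def real_conditions(conds):
    """Drop modifiers; what remains decides whether the verb applies."""
    return [c for c in conds if re.match(r"!?\s*(\w+)", c).group(1) not in MODIFIERS]

def implicit_deny_risk(statements):
    """True if no unconditional terminal verb exists, so a message matching
    nothing reaches the end of the ACL and is denied implicitly."""
    return not any(v in TERMINAL and not real_conditions(c) for v, c in statements)
```

On the sample, the uncommented `demime =` line left behind by the commented-out block becomes a condition of `accept`, so `acl_clamav` is flagged while `acl_check_data` is not.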