Re: [exim] where do I add clamav to exim.conf (exim 4.5x)

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: Exim, Users
Subject: Re: [exim] where do I add clamav to exim.conf (exim 4.5x)
Robert Cates wrote:
<snip>
> I have 'av_scanner = clamd:/var/run/clamav/clamd.ctl' added to my global
> section, but the above is just not clear to me where it should go (let's say
> in a default exim.conf file).


It needs to go in your DATA ACL.

I have the following global options:

# $acl_m0 permits the use of more than one AV scanner
av_scanner = $acl_m0
# spamd runs on localhost but could run on several
spamd_address = 127.0.0.1 783

...then in my DATA ACL I have:

   # Reject virus infections.
   deny    message       = \
We do not accept messages carrying viruses or other malware.\n\
Your message is infected with:   $malware_name\n\
Please check the originating system for infection.
   set acl_m0    = clamd:/var/run/clamd.exim/clamd.sock
   demime        = *
   # defer_ok here as we fall through to two other AV scanners
   malware       = */defer_ok
   message       = Clam Antivirus detected $malware_name


I then have the Spamassassin part of the DATA ACL come afterwards- not
much point running a spam check on something we know we're going to
reject for being a virus. Although I suppose it could be argued that
feeding the common patterns of virus-infected messages to SA could be a
useful second line of defence to catch very early appearances of new
variants with the same text patterns as pervious ones...

HTH

Graeme