Robert Cates wrote:
<snip>
> I have 'av_scanner = clamd:/var/run/clamav/clamd.ctl' added to my global
> section, but the above is just not clear to me where it should go (let's say
> in a default exim.conf file).

It needs to go in your DATA ACL.

I have the following global options:

  # $acl_m0 permits the use of more than one AV scanner
  av_scanner = $acl_m0
  # spamd runs on localhost but could run on several
  spamd_address = 127.0.0.1 783

...then in my DATA ACL I have:

  # Reject virus infections.
  deny message = \
         We do not accept messages carrying viruses or other malware.\n\
         Your message is infected with: $malware_name\n\
         Please check the originating system for infection.
       set acl_m0 = clamd:/var/run/clamd.exim/clamd.sock
       demime = *
       # defer_ok here as we fall through to two other AV scanners
       malware = */defer_ok
       message = Clam Antivirus detected $malware_name

I then have the Spamassassin part of the DATA ACL come afterwards- not
much point running a spam check on something we know we're going to
reject for being a virus. Although I suppose it could be argued that
feeding the common patterns of virus-infected messages to SA could be a
useful second line of defence to catch very early appearances of new
variants with the same text patterns as previous ones...

HTH
Graeme
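
The fall-through to further scanners that the reply mentions, sketched as an added example (not part of the original post or of Graeme's configuration). Sophie as the second scanner, its socket path and the rejection texts are assumptions chosen for illustration.

```conf
# Global section: the scanner is selected per ACL statement via $acl_m0.
av_scanner = $acl_m0

# DATA ACL (the ACL named by acl_smtp_data).

# First scanner. "set acl_m0" has to appear before "malware", because
# av_scanner is expanded at the moment the malware condition runs.
# defer_ok: if clamd cannot be reached, the condition is treated as
# false and processing falls through to the next statement.
deny  message = Message rejected, malware found: $malware_name
      set acl_m0 = clamd:/var/run/clamd.exim/clamd.sock
      malware = */defer_ok

# Last scanner in the chain (assumed here: Sophie on its default socket).
# No defer_ok, so a scanner failure defers the message with a temporary
# error and nothing is accepted unscanned when every scanner is down.
deny  message = Message rejected, malware found: $malware_name
      set acl_m0 = sophie:/var/run/sophie
      malware = *

# SpamAssassin checks follow here, so only messages that passed the
# malware scanners are handed to spamd.
```

Whether the final statement keeps or drops defer_ok decides if the chain fails open or fails closed when no scanner answers.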