RE: [exim] where do I add clamav to exim.conf (exim 4.5x)

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Robert Cates
Fecha:  
A: Exim, Users
Asunto: RE: [exim] where do I add clamav to exim.conf (exim 4.5x)
Thanks Graeme!

I believe I've got it working. I've gone by your example, and had to mkdir
../clamd.exim and change the clamd user to my exim user id, and it seems to
be working, except, I do not see any headers in my (few) incoming messages.
When will I see headers for clamd, only when it finds something?

Thanks again,
Robert


-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]On
Behalf Of Graeme Fowler
Sent: Montag, 5. Dezember 2005 11:01
To: Exim, Users
Subject: Re: [exim] where do I add clamav to exim.conf (exim 4.5x)


Robert Cates wrote:
<snip>
> I have 'av_scanner = clamd:/var/run/clamav/clamd.ctl' added to my global
> section, but the above is just not clear to me where it should go (let's

say
> in a default exim.conf file).


It needs to go in your DATA ACL.

I have the following global options:

# $acl_m0 permits the use of more than one AV scanner
av_scanner = $acl_m0
# spamd runs on localhost but could run on several
spamd_address = 127.0.0.1 783

...then in my DATA ACL I have:

   # Reject virus infections.
   deny    message       = \
We do not accept messages carrying viruses or other malware.\n\
Your message is infected with:   $malware_name\n\
Please check the originating system for infection.
   set acl_m0    = clamd:/var/run/clamd.exim/clamd.sock
   demime        = *
   # defer_ok here as we fall through to two other AV scanners
   malware       = */defer_ok
   message       = Clam Antivirus detected $malware_name


I then have the Spamassassin part of the DATA ACL come afterwards- not
much point running a spam check on something we know we're going to
reject for being a virus. Although I suppose it could be argued that
feeding the common patterns of virus-infected messages to SA could be a
useful second line of defence to catch very early appearances of new
variants with the same text patterns as pervious ones...

HTH

Graeme

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/