Thanks Graeme!
I believe I've got it working. I've gone by your example, and had to mkdir
../clamd.exim and change the clamd user to my exim user id, and it seems to
be working, except, I do not see any headers in my (few) incoming messages.
When will I see headers for clamd, only when it finds something?
Thanks again,
Robert
-----Original Message-----
From: exim-users-bounces@??? [
mailto:exim-users-bounces@exim.org]On
Behalf Of Graeme Fowler
Sent: Montag, 5. Dezember 2005 11:01
To: Exim, Users
Subject: Re: [exim] where do I add clamav to exim.conf (exim 4.5x)
Robert Cates wrote:
<snip>
> I have 'av_scanner = clamd:/var/run/clamav/clamd.ctl' added to my global
> section, but the above is just not clear to me where it should go (let's
say
> in a default exim.conf file).
It needs to go in your DATA ACL.
I have the following global options:
# $acl_m0 permits the use of more than one AV scanner
av_scanner = $acl_m0
# spamd runs on localhost but could run on several
spamd_address = 127.0.0.1 783
...then in my DATA ACL I have:
# Reject virus infections.
deny message = \
We do not accept messages carrying viruses or other malware.\n\
Your message is infected with: $malware_name\n\
Please check the originating system for infection.
set acl_m0 = clamd:/var/run/clamd.exim/clamd.sock
demime = *
# defer_ok here as we fall through to two other AV scanners
malware = */defer_ok
message = Clam Antivirus detected $malware_name
I then have the Spamassassin part of the DATA ACL come afterwards- not
much point running a spam check on something we know we're going to
reject for being a virus. Although I suppose it could be argued that
feeding the common patterns of virus-infected messages to SA could be a
useful second line of defence to catch very early appearances of new
variants with the same text patterns as pervious ones...
HTH
Graeme
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://www.exim.org/eximwiki/
