Re: [exim] Local_scan before antivirus scan

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: Cronfy
CC: exim-users
Subject: Re: [exim] Local_scan before antivirus scan
Cronfy wrote:
> Hello.
>
> I am using exim 4.62 for spam scanning with it's local_scan function
> and I want to use same exim daemon to scan messages for viruses too.
> There are no problems with setting this up, but there is one performance
> trouble: we meet spam messages much more often than virus messages,
> so it would be smart to scan for spam *before* virus scan. But local_scan
> is called *after* all ACLs, thus it seems to be no solution to filter
> "spam then viruses" inside one exim daemon.
>
> At this time I have to receive and filter spam with one mail server and then
> forward messages to another one. This gives me no way to reject virus messages
> in SMTP session.
>
> Are there any solutions to run local_scan before DATA ACL or inside DATA ACL
> or somehow else.. just to make exim to look for spam before viruses?


Alas, apart from hacking the code (which you have done at least a little
bit already to make your own local_scan module), you can't change when
local_scan is called with configuration options.
The common solution is to call it in ACL just like you seem to be doing
your virus scanning ATM. Of course, this is specifically for
SpamAssassin, so if you're using something else... damn.
I've been looking into adding another spam type scanning thing into the
ACL area so I can call AISK (http://aisk.tuxland.pl/) as this looks
rather promising, but I haven't had the time to do so yet.

Anyway, this is how my spam scanning ACLs are set up. In acl_smtp_data.
Bit of a bummer if you can't change your setup off local_scan.

> # Add headers to all messages
>   warn    message       = X-Spam-Score: $spam_score ($spam_bar)
>           condition     = ${if <{$message_size}{80k}{1}{0}}
>           spam          = spamc:true

>
> # Add spam report to headers
>   warn    message       = X-Spam-Report: $spam_report
>           condition     = ${if <{$message_size}{80k}{1}{0}}
>           spam          = spamc:true
>           condition     = ${if >{$spam_score_int}{50}{1}{0}}

>
> # Change the subject if it's spam.
>   warn     message      = X-New-Subject: **SPAM** $spam_score $h_subject:
>            spam         = spamc

>
> # Uncomment the following once a viable limit has been reached.
>   deny    message       = Spam score too high ($spam_score)
>           condition     = ${if <{$message_size}{80k}{1}{0}}
>           spam          = spamc:true/defer_ok
>           condition     = ${if >{$spam_score_int}{100}{1}{0}}