[exim] EXIM not detecting virus emails

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Gary Stainburn
Datum:  
To: exim-users
Betreff: [exim] EXIM not detecting virus emails
I'm having real problems with virus emails getting through my mail server. My
initial config consists of:

av_scanner = clamd:/var/run/clamd.exim/clamd.sock

acl_check_data:

  warn    condition  = ${if !def:h_Message-ID: {1}}
          set acl_m_greylistreasons = Message lacks Message-Id: header. \
                 Consult RFC2822.\n$acl_m_greylistreasons
  deny    senders = /etc/exim/lists/deny.senders


  deny    malware    = *
          message    = This message contains a virus ($malware_name).



I am getting /var/log/clamd.exim entries which implies that it's doing
something, but it's not detecting viri.

Thu Oct 22 10:09:36
2015 -> /var/spool/exim/scan/1ZpBsO-000EWL-Pv/1ZpBsO-000EWL-Pv.eml: OK
Thu Oct 22 10:09:41
2015 -> /var/spool/exim/scan/1ZpBsT-000EWT-66/1ZpBsT-000EWT-66.eml: OK
Thu Oct 22 10:09:47
2015 -> /var/spool/exim/scan/1ZpBsZ-000EWd-Ma/1ZpBsZ-000EWd-Ma.eml: OK
Thu Oct 22 10:10:03
2015 -> /var/spool/exim/scan/1ZpBsp-000EWv-LR/1ZpBsp-000EWv-LR.eml: OK
Thu Oct 22 10:10:05
2015 -> /var/spool/exim/scan/1ZpBsr-000EWx-B4/1ZpBsr-000EWx-B4.eml: OK
Thu Oct 22 10:10:10
2015 -> /var/spool/exim/scan/1ZpBsw-000EXA-IA/1ZpBsw-000EXA-IA.eml: OK


I have tried using Kaspersky with a wrapper script that I've written (I had
real problems with their Mail Gateway software which sits in front of EXIM)

I copied the syntax directly from the EXIM docs and amended to have:

  av_scanner = cmdline:\
               /etc/exim/bin/kasp_sweep %s:\
               ThreatName='(.*)'


However, when I try to use it I get:

2015-10-22 10:14:06 1ZpBwk-000EdW-Ui malware acl condition: cmdline: missing
virus name regex specification