I'm having real problems with virus emails getting through my mail server. My
initial config consists of:
av_scanner = clamd:/var/run/clamd.exim/clamd.sock

acl_check_data:
  warn  condition = ${if !def:h_Message-ID: {1}}
        set acl_m_greylistreasons = Message lacks Message-Id: header. \
                                    Consult RFC2822.\n$acl_m_greylistreasons
  deny  senders = /etc/exim/lists/deny.senders
  deny  malware = *
        message = This message contains a virus ($malware_name).
I am getting /var/log/clamd.exim entries, which implies that it's doing
something, but it's not detecting viruses:
Thu Oct 22 10:09:36 2015 -> /var/spool/exim/scan/1ZpBsO-000EWL-Pv/1ZpBsO-000EWL-Pv.eml: OK
Thu Oct 22 10:09:41 2015 -> /var/spool/exim/scan/1ZpBsT-000EWT-66/1ZpBsT-000EWT-66.eml: OK
Thu Oct 22 10:09:47 2015 -> /var/spool/exim/scan/1ZpBsZ-000EWd-Ma/1ZpBsZ-000EWd-Ma.eml: OK
Thu Oct 22 10:10:03 2015 -> /var/spool/exim/scan/1ZpBsp-000EWv-LR/1ZpBsp-000EWv-LR.eml: OK
Thu Oct 22 10:10:05 2015 -> /var/spool/exim/scan/1ZpBsr-000EWx-B4/1ZpBsr-000EWx-B4.eml: OK
Thu Oct 22 10:10:10 2015 -> /var/spool/exim/scan/1ZpBsw-000EXA-IA/1ZpBsw-000EXA-IA.eml: OK
I have tried using Kaspersky with a wrapper script that I've written (I had
real problems with their Mail Gateway software, which sits in front of EXIM).
I copied the syntax directly from the EXIM docs and amended it to have:
av_scanner = cmdline:\
             /etc/exim/bin/kasp_sweep %s:\
             ThreatName='(.*)'
However, when I try to use it I get:

2015-10-22 10:14:06 1ZpBwk-000EdW-Ui malware acl condition: cmdline: missing virus name regex specification
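As an added illustration (not part of the original post, and not the poster's kasp_sweep script): Exim's `cmdline:` scanner type takes three colon-separated fields after `cmdline:` (the scanner command with `%s` standing for the spool directory, a trigger regex matched against each output line, and a name regex whose first capture group becomes `$malware_name`). The script below emulates that parsing in plain shell so the field-count failure and the name extraction can be checked offline. The scanner output lines are constructed and hypothetical; the real wrapper's output format, and therefore the trigger and name regexes, are an assumption to be matched against whatever `kasp_sweep` actually prints.

```shell
#!/bin/sh
# Emulation of Exim's "cmdline:" av_scanner handling (added example, not Exim code).
#
# A complete spec has three colon-separated fields after "cmdline:":
#   av_scanner = cmdline:/etc/exim/bin/kasp_sweep %s:ThreatName=:ThreatName='([^']*)'
#                        ^ command (%s = scan dir)   ^ trigger    ^ name regex, group 1 = name
# A literal ':' inside any field must not appear unescaped, since ':' separates the fields.

# Constructed, hypothetical scanner output. Real kasp_sweep output may look different.
sample_clean="Scanning /var/spool/exim/scan/1ZpBsO-000EWL-Pv
Objects scanned: 3
Threats found: 0"

sample_infected="Scanning /var/spool/exim/scan/1ZpBsr-000EWx-B4
ThreatName='EICAR-Test-File' Object: part.2
Threats found: 1"

# check_cmdline_spec SPEC
# Splits the av_scanner value the way Exim does (on ':') and refuses a spec with
# fewer than three fields, which is the condition behind the "missing virus name
# regex specification" log line. Prints the parsed fields on success.
check_cmdline_spec() {
    spec=${1#cmdline:}
    nfields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    if [ "$nfields" -lt 3 ]; then
        echo "cmdline: missing virus name regex specification ($nfields of 3 fields given)" >&2
        return 1
    fi
    printf '%s\n' "$spec" | awk -F: '{
        print "command:    " $1
        print "trigger:    " $2
        print "name regex: " $3
    }'
}

# extract_malware_name OUTPUT TRIGGER NAME_REGEX
# Mirrors what Exim does with the scanner's stdout: the first line matching the
# trigger regex is taken as "malware found", and the name regex's first capture
# group on that line is printed (this would become $malware_name).
# Returns 1 when no line matches the trigger, i.e. the message is clean.
extract_malware_name() {
    out=$1; trigger=$2; namere=$3
    line=$(printf '%s\n' "$out" | grep -E -m1 -e "$trigger") || return 1
    printf '%s\n' "$line" | sed -E "s/.*$namere.*/\1/"
}

main() {
    # The two-field spec from the post fails; the three-field spec parses.
    check_cmdline_spec "cmdline:/etc/exim/bin/kasp_sweep %s:ThreatName='(.*)'" || true
    check_cmdline_spec "cmdline:/etc/exim/bin/kasp_sweep %s:ThreatName=:ThreatName='([^']*)'"

    if name=$(extract_malware_name "$sample_infected" 'ThreatName=' "ThreatName='([^']*)'"); then
        echo "infected sample -> malware_name=$name"
    fi
    extract_malware_name "$sample_clean" 'ThreatName=' "ThreatName='([^']*)'" \
        || echo "clean sample -> no trigger match"
}

# Run the demonstration only when executed directly, not when sourced for tests.
case $0 in *sh) ;; *) main ;; esac
```

The name regex uses `[^']*` rather than `.*` so that a second quoted field later on the same scanner output line cannot widen the capture; the trigger field is deliberately a plain substring (`ThreatName=`) because Exim only uses it to decide whether the scanner found something at all.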