Re: [exim] EXIM not detecting virus emails

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Patrick von der Hagen
Datum:  
To: exim-users
Betreff: Re: [exim] EXIM not detecting virus emails
On 22.10.2015 13:32, Gary Stainburn wrote:
> On Thursday 22 October 2015 10:32:06 Jeremy Harris wrote:
>> On 22/10/15 10:14, Gary Stainburn wrote:
>>> I'm having real problems with virus emails getting through my mail
>>> server. My initial config consists of:
>>>
>>> av_scanner = clamd:/var/run/clamd.exim/clamd.sock
>>
>> Clam updates running properly?
>> Tested with a known one (eg EICAR) ?
>
> Clamd is up and running, hence the clamd.exim entries. My concern is that it
> isn't being called for all suitable messages, i.e. not the ones I'm
> submitting.

You can confirm that by looking at the log. Just identify the message
you are concerned about and look for an entry like

/var/spool/exim/scan/1ZpBsO-000EWL-Pv/1ZpBsO-000EWL-Pv.eml: OK in the
clamav logs.

But your configuration looks ok (though I don't understand the
greylisting part in a data-acl, since greylisting triggers before data
is executed.

> I am testing with eicar and they are getting delivered. I am doing this
> using:
>
> [gary@ollie2 ~]$ echo test|mutt gary@??? -a eicar.txt -s "EICAR
> TEST"

what about "clamdscan eicar.txt"? Does clamd work if exim is not
involved? I suppose Jeremys concern is that clamav might run without a
singature database (or a broken one) and that's my concern as well.

> On top of this live virus emails are getting through.
>
>>
>>> I copied the syntax directly from the EXIM docs and amended to have:
>>
>> What was wrong with the aveserver scanner interface?
>
> The avescanner needed the run file /var/run/aveserver. I could not find
> anything like that file on my server. However, I did manage to convert an old
> sophie script to work with Kaspersky.
>
> That is why I thought I'd try that. However, because of the error mesage from
> EXIM, the script isn't getting working.
>
>
>> --
>> Cheers,
>> Jeremy
>


--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Telefon: +49 721 608-46433
E-Mail: hagen@???
Web: http://www.scc.kit.edu

KIT - Universität des Landes Baden-Württemberg und
nationales Forschungszentrum in der Helmholtz-Gemeinschaft