Re: [exim] Virus/Malware errors

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dan Egli
Datum:  
To: Andreas Metzler, exim-users
Betreff: Re: [exim] Virus/Malware errors
My bad. I pasted the wrong line. Sorry,

av_scanner = clamd:/var/run/clamav/clamd.ctl

And it's enabled. I'm using the exim4u config patches, and in
exim4u_global_spam_virus:

# ClamAV Global Setting
# When enabled, Exim4U uses ClamAV to scan incoming mail for viruses during
# the SMTP connection. ClamAV is enabled (on) or disabled (off):
#ClamAV: off
ClamAV: on

Then in the main exim4.conf:

CLAMENABLED = ${lookup{ClamAV}lsearch{/etc/exim4/exim4u_global_spam_virus}}

and

acl_check_content:

# Accept any messages that are larger than 256k because they are not
likely to contain
# viruses... that large size of virus will take too long to replicate ;)
  accept condition              = ${if >{$message_size}{256k}{yes}{no}}

# Now process the rest
  warn  condition               = ${if eq{CLAMENABLED}{on}{yes}{no}}
        add_header              = X-Scanned-By:
${extract{1}{/}{${readsocket{inet:localhost:3310}{VERSION}{1s}{}
{unscanned}}}} \
                                  $acl_m_interface_opt $acl_m_helo_data
($acl_m_interface); $tod_full\n



I looked at the documentation link you provided, and I don't see
anything there that isn't already set.

On 1/19/2021 12:46 AM, Andreas Metzler via Exim-users wrote:
> On 2021-01-19 Dan Egli via Exim-users <exim-users@???> wrote:
>> I was looking at a message that had somehow gotten through my spam filters
>> to see if I could figure out why, when I discovered a line in the header
>> that said the message had not been virus scanned by exim. THAT was a
>> surprise. I have clamd running
>                     ^^^^^ virus scanner

>
>> and the exim.conf points to it (spamd_address > = 127.0.0.1 783),
>                                    ^^^^^
>                                    Spam scanner

>
> You seem to be mixing up malware and spam scanning.
>
> Also configuration of either of these has two parts. Telling exim *how* to
> run the respective test (main configuration), and on *when* to run it
> and how to act on its results (ACL setting).
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>
> cu Andreas
>