My bad. I pasted the wrong line. Sorry,
av_scanner = clamd:/var/run/clamav/clamd.ctl
And it's enabled. I'm using the exim4u config patches, and in
exim4u_global_spam_virus:
# ClamAV Global Setting
# When enabled, Exim4U uses ClamAV to scan incoming mail for viruses during
# the SMTP connection. ClamAV is enabled (on) or disabled (off):
#ClamAV: off
ClamAV: on
Then in the main exim4.conf:
CLAMENABLED = ${lookup{ClamAV}lsearch{/etc/exim4/exim4u_global_spam_virus}}
and
acl_check_content:
# Accept any messages that are larger than 256k because they are not
likely to contain
# viruses... that large size of virus will take too long to replicate ;)
accept condition = ${if >{$message_size}{256k}{yes}{no}}
# Now process the rest
warn condition = ${if eq{CLAMENABLED}{on}{yes}{no}}
add_header = X-Scanned-By:
${extract{1}{/}{${readsocket{inet:localhost:3310}{VERSION}{1s}{}
{unscanned}}}} \
$acl_m_interface_opt $acl_m_helo_data
($acl_m_interface); $tod_full\n
I looked at the documentation link you provided, and I don't see
anything there that isn't already set.
On 1/19/2021 12:46 AM, Andreas Metzler via Exim-users wrote:
> On 2021-01-19 Dan Egli via Exim-users <exim-users@???> wrote:
>> I was looking at a message that had somehow gotten through my spam filters
>> to see if I could figure out why, when I discovered a line in the header
>> that said the message had not been virus scanned by exim. THAT was a
>> surprise. I have clamd running
> ^^^^^ virus scanner
>
>> and the exim.conf points to it (spamd_address > = 127.0.0.1 783),
> ^^^^^
> Spam scanner
>
> You seem to be mixing up malware and spam scanning.
>
> Also configuration of either of these has two parts. Telling exim *how* to
> run the respective test (main configuration), and on *when* to run it
> and how to act on its results (ACL setting).
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>
> cu Andreas
>
