Re: [exim] Virus/Malware errors

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Graeme Fowler
Datum:  
To: List: exim
Betreff: Re: [exim] Virus/Malware errors
Hi

On 19 Jan 2021, at 08:03, Dan Egli via Exim-users <exim-users@???> wrote:
> My bad. I pasted the wrong line. Sorry,
>
> av_scanner = clamd:/var/run/clamav/clamd.ctl
>
> And it's enabled. I'm using the exim4u config patches, and in exim4u_global_spam_virus:
>
> # ClamAV Global Setting
> # When enabled, Exim4U uses ClamAV to scan incoming mail for viruses during
> # the SMTP connection. ClamAV is enabled (on) or disabled (off):
> #ClamAV: off
> ClamAV: on
>
> Then in the main exim4.conf:
>
> CLAMENABLED = ${lookup{ClamAV}lsearch{/etc/exim4/exim4u_global_spam_virus}}
>
> and
>
> acl_check_content:
>
> # Accept any messages that are larger than 256k because they are not likely to contain
> # viruses... that large size of virus will take too long to replicate ;)
>   accept condition              = ${if >{$message_size}{256k}{yes}{no}}

>
> # Now process the rest
>   warn  condition               = ${if eq{CLAMENABLED}{on}{yes}{no}}
>         add_header              = X-Scanned-By: ${extract{1}{/}{${readsocket{inet:localhost:3310}{VERSION}{1s}{} {unscanned}}}} \
>                                   $acl_m_interface_opt $acl_m_helo_data ($acl_m_interface); $tod_full\n


There is nothing in the above telling Exim to scan the email. That would be a line of the form:

malware = *

somwhere in your DATA ACL.

Given that this is not a stock Exim, with a lot of config tweaks by an external 3rd party, you may need to ask your question of that 3rd party.

Graeme