Administrator's Note:
Please see this post before following this thread, which is now approximately two years old:
Note that I am not responsible for anything happening. You should test this locally before putting into production.
There are known problems with SMTP limiter at the moment. If you run SMTP limiter, please only continue if you know what you're doing.
Installing clamav, this could be put into a bash file if ya like.
Code:
wget http://surfnet.dl.sourceforge.net/sourceforge/clamav/clamav-0.87.1.tar.gz
tar zxvf clamav-0.87.1.tar.gz
## Name the directory explicitly; clamav* would also match the tarball
cd clamav-0.87.1
groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
./configure --sysconfdir=/etc && make && make install
perl -pi -e "s/^Example/#Example/g" /etc/clamd.conf
perl -pi -e 's#^LocalSocket /tmp/clamd.socket#LocalSocket /var/run/clamav/clamd#g' /etc/clamd.conf
perl -pi -e "s/^#MaxThreads 20/MaxThreads 5/g" /etc/clamd.conf
perl -pi -e "s/^#ScanMail/ScanMail/g" /etc/clamd.conf
perl -pi -e "s/^Example/#Example/g" /etc/freshclam.conf
## Create the dir for the clamav socket
mkdir /var/run/clamav
## Check for updates 24 times a day
/usr/local/bin/freshclam -d -c 24
## Start clamd
/usr/local/sbin/clamd
## Start at boot
echo '' >> /etc/rc.local; echo '## Start Freshclam' >> /etc/rc.local; echo '/usr/local/bin/freshclam -d -c 24' >> /etc/rc.local;
echo '' >> /etc/rc.local; echo '## Start Clamd' >> /etc/rc.local; echo '/usr/local/sbin/clamd' >> /etc/rc.local;
Making changes to exim.conf
Code:
pico /etc/exim.conf
## Find primary_hostname and add the following line above
av_scanner = clamd:/var/run/clamav/clamd
## Find check_message:
## Make sure it looks like this:
check_message:
  deny  message = This message contains malformed MIME ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
  deny  message = This message contains a virus or other harmful content ($malware_name)
        demime = *
        malware = *
  deny  message = This message contains an attachment of a type which we do not accept (.$found_extension)
        demime = bat:com:pif:prf:scr:vbs
  warn  message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
  accept
## Save and exit
## Restart exim
/sbin/service exim restart
I have not yet looked into further configuring the service. Ran a test on http://www.gfi.com/emailsecuritytest/
With the following result in /var/log/exim/mainlog:
Code:
2005-11-07 13:06:02 1EZ5lC-0005u7-0Z H=gfiservers.gfi.com [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-07 13:06:02 1EZ5lC-0005u6-88 H=gfiservers.gfi.com [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-07 13:06:02 1EZ5lC-0005u7-Ec H=gfiservers.gfi.com [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Exploit.ObjCodebase.Calc)
2005-11-07 13:06:02 1EZ5lC-0005u6-MA H=gfiservers.gfi.com [69.20.55.130] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
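An added example, not part of the original post: a shell function that tallies the virus rejections the `check_message` ACL above writes to the mainlog, grouped by signature name and sending IP. The sample log lines are constructed (documentation addresses, not real traffic), and the function names `sample_mainlog` and `summarize_rejections` are hypothetical.

```shell
#!/bin/sh
# Added example: tally Exim virus rejections by signature and sending IP.
# The log lines below are constructed (documentation addresses), not real traffic.
sample_mainlog() {
cat <<'EOF'
2005-11-07 13:06:02 1EZ5lC-0005u7-0Z H=mx.example.net [192.0.2.10] F=<test@example.net> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-07 13:06:03 1EZ5lD-0005u9-1A H=mx.example.net [192.0.2.10] F=<test@example.net> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-07 13:06:04 1EZ5lE-0005uB-2B H=mx.example.net [192.0.2.10] F=<test@example.net> rejected after DATA: This message contains a virus or other harmful content (Exploit.ObjCodebase.Calc)
2005-11-07 13:07:10 1EZ5mI-0005uD-3C H=host.example.org (relay) [198.51.100.7] F=<a@example.org> rejected after DATA: This message contains a virus or other harmful content (GFI.VBS.Test)
2005-11-07 13:08:00 1EZ5n6-0005uF-4D H=mx.example.net [192.0.2.10] F=<test@example.net> rejected after DATA: This message contains malformed MIME (constructed reason)
2005-11-07 13:09:00 1EZ5o4-0005uH-5E <= user@example.com H=mx.example.com [203.0.113.5] P=esmtp S=1024
EOF
}

# Reads Exim mainlog lines on stdin and prints "count signature ip",
# most frequent first. Only the malware deny message from the ACL is
# counted; MIME rejections and normal deliveries are ignored.
summarize_rejections() {
  awk '
    /rejected after DATA: .*harmful content \(/ {
      sig = $0
      sub(/^.*harmful content \(/, "", sig)   # drop everything up to the name
      sub(/\)[ \t]*$/, "", sig)               # drop the closing parenthesis
      ip = "unknown"                          # fallback if no [address] is logged
      if (match($0, /\[[0-9a-fA-F.:]+\]/)) ip = substr($0, RSTART + 1, RLENGTH - 2)
      count[sig " " ip]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample
sample_mainlog | summarize_rejections
```

On a server set up as in the post, run it against the real log with `summarize_rejections < /var/log/exim/mainlog`.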