eds132
Verified User
I have been lurking around for a quick and simple tutorial to install clamav for exim on DA for a while now. The majority of the tutorials here are a little dated, since most of them call for exiscan patches and so forth. I decided to write my own for all FreeBSD 5.x DA users.
Software
FreeBSD 5.4
DirectAdmin 1.26.1
Exim 4.50
I am a huge fan of KISS (keep it simple, stupid), so if there is a fancier way of doing this then oh well.
First I start with a fresh version of ports.
#rm -rf /usr/ports
#cd /usr
#ftp ftp.freebsd.org
#ftp> cd pub/FreeBSD/ports/ports
#ftp> get ports.tar.gz
#tar -xvzf ports.tar.gz
#cd /usr/ports/security/clamav
#make install
##I get curl and milter (no purpose, just habit from sendmail days) ##
##add the lines
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
##to /etc/rc.conf##
##configure clam and freshclam confs in /usr/local/etc/
#/usr/local/etc/rc.d/clamav-clamd.sh start
#/usr/local/etc/rc.d/clamav-freshclam.sh start
#cp /etc/exim.conf /etc/exim.conf.bak
#pico -w /etc/exim.conf
##add this line at the top of the config
av_scanner = clamd:/var/run/clamav/clamd
##add this with the other ACLs (around line 317)
acl_smtp_mime = check_mime
##add this section above check_message:
check_mime:
  warn  decode = default
  deny  message = I don't accept this file type
##one line
        condition = ${if match {${lc:$mime_filename}} {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$\N} {1}{0}}
  deny  message = Hiding of file extensions(CLSID hidden) is not allowed
        condition = ${if match {$mime_filename} {\N\{[a-hA-H0-9-]{25,}\}\N}{1}{0}}
  accept
##add these lines between check_message: and accept
  deny  message = This email may contain virii ($malware_name)
        malware = *
  warn  message = X-Antivirus-Scanner: Scanned with ClamAV
##save and exit pico
##I am lazy, first off. I run exim to check config
##If no errors, then I use the DA interface to restart exim and make sure it is running.
#exim --(to check config for errors)
##done
I test using http://www.eicar.org/anti_virus_test_file.htm virus sigs. With this setup only two of 24 get through.
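
Added example, not part of the original post: a small Python harness that applies the two check_mime deny conditions (extension list with every dot escaped, then the CLSID pattern) to attachment names, so a change to the list can be checked before exim is restarted. It also shows what changes when the dot before vbs is left unescaped; the function names and sample filenames are constructed for illustration.

```python
import re

# Regexes from the check_mime ACL. Exim's \N...\N only switches off string
# expansion, so the text between the markers is the regex itself.
EXT_ESCAPED = re.compile(r"(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs)$")
# Same list with the dot before "vbs" left unescaped (matches any character).
EXT_UNESCAPED = re.compile(r"(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|.vbs)$")
CLSID = re.compile(r"\{[a-hA-H0-9-]{25,}\}")

def check_mime(filename, ext_re=EXT_ESCAPED):
    """Return the verdict the two deny rules give for one $mime_filename."""
    if ext_re.search(filename.lower()):      # ${lc:$mime_filename}
        return "deny: file type"
    if CLSID.search(filename):               # matched on the raw filename
        return "deny: CLSID"
    return "accept"                          # falls through to the final accept

# Constructed sample attachment names (not taken from real mail).
SAMPLES = [
    "report.pdf",
    "Invoice.PDF.EXE",                                   # case folded by lc
    "setup.exe.txt",                                     # regex is anchored at the end
    "photo.jpg.{00000000-1111-2222-3333-444444444444}",  # CLSID-style suffix
    "summary_vbs",                                       # no dot before vbs
    "",                                                  # MIME part without a filename
]

def audit(names, ext_re=EXT_ESCAPED):
    """Map each name to its verdict so rule changes can be diffed."""
    return {name: check_mime(name, ext_re) for name in names}

if __name__ == "__main__":
    strict, loose = audit(SAMPLES), audit(SAMPLES, EXT_UNESCAPED)
    for name in SAMPLES:
        flag = "" if strict[name] == loose[name] else "  <- differs unescaped"
        print(f"{name!r:55} {strict[name]:16} {loose[name]}{flag}")
```

With an unescaped dot, any name that merely ends in "vbs" is rejected as a file type, which shows up as a false positive on legitimate mail.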