clam av in SB 3

rldev

Verified User
Joined
May 26, 2004
Messages
1,072
I have installed SB 3 with my setup and it is working well with the exim editor.
However, how is clam invoked? In my previous exim, it was invoked via exiscan. What's the difference here? What am I failing to understand?
 
ClamAV is used by the check_message{/b] acl:
Code:
# ACL that is used after the DATA command
check_message:
  # accept without checking if in skip_av_domains
  accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}

  deny message = This message contains malformed MIME ($demime_reason)
  demime = *
  condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  deny message = This message contains a virus or other harmful content ($malware_name)
  demime = *
  malware = *

  deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
  demime = bat:com:pif:prf:scr:vbs
It's defined by one of these lines:
Code:
# av_scanner = clamd:/var/run/clamav/clamd
# av_scanner = clamd:/tmp/clamd
In the beta version only one of these lines is included and you may need to change it depending on how you installed ClamAV. In the final versions both lines will be included as above and you'll have to uncomment the right one for your system.

Here's an example of a log entry in one of our systems using SpamBlocker3:
Code:
2007-01-25 19:25:39 1HAHic-0007Wg-Sf H=(PAULO) [84.5.87.96] F=<[email protected]> rejected after DATA: This messagecontains a virus or other harmful content (HTML.Phishing.Bank-627)
Jeff
 
Thanks Jeff,
I see it in the logs. Why this approach as opposed to Exiscan?
 
Because it's all built in to exim and doesn't require external software.

Jeff
 
Then perhaps it's built in and I'm already using it but don't know it :) ?

Do you have any calls to exiscan in your exim.conf file? I don't.

Jeff
 
Back
Top