Can't block spam with zip files

[chow]

Hi, lately I receive a lot of spam with zip files attached. I searched the board but can't find the best way to prevent this.. What is the best tool/method to filter these out? Running CentOS 5.3 with latest Directadmin installed..

 

[mr.applesauce]

You would have to block zip files as attachments using the system_filter file in /etc.

I forgot the exact name of the file.

ls /etc/*filter*

 

[daveyw]

I forgot the exact name of the file.

nano -w /etc/system_filter.exim

 

[floyd]

However many people send legitimate emails with zip files attached. So be careful. You might be better off enabling clamav if those zip files are viruses.

 

[nobaloney]

The problem is most likely the size of the file. SpamAssassin is probably set to not scan files over a certain size.

Jeff

 

[chow]

Problem is that spamassasin at the moment holds too many legit emails so we had to set the treshhold to medium. Fixed the issue but now we get pretty large amounts of spam with zip files attached. Those zipfiles are trojans or virusses.
Probably clamav is the solution than but I haven't found a good recent howto. Only a prett old one when dovecot wasn't implemented yet. So I'm unsure how to proceed without destroying my shared hosting server

 

[mr.applesauce]

What version is your exim.conf

Check the first 10 lines in /etc/exim.conf

head -10 /etc/exim.conf

Usually a line goes under primary_hostname =

av_scanner = clamd:/var/run/clamav/clamd

The /var/run/clamav/clamd has to match the path to the socket file and you can find that in the clamd.conf file.

As far as installing clamd you can just do that via any normal package manager... yum, apt-get, aptitude, freebsd ports, ... etc

Then start the clamd service.

After clamd is running you finally restart exim to get it running.

You really dont need to configure anything with the clamd program.

 

[chow]

Great, it worked fine.. Thnx a lot!!