Exim deny messages with harmful attachments

anton1982

Verified User
Joined
Jun 12, 2016
Messages
43
Today I installed Exim (https://help.directadmin.com/item.php?id=51). Everything works but it is not blocking harmful attachements. So I found this: https://help.directadmin.com/item.php?id=370 and tried that. The problem is that i cannot find the part "find "check_message:", and add this code below it:" in exim.conf.

I think the exim.conf is updated since this tutorial but do not know what to do next. I have seen that there is a part in exim.conf dat tries to include another file:

#EDIT#46:
.include_if_exists /etc/exim.clamav.conf

My guess is that I somehow have to add something to this file to get it working. I have tried some things but every time it breaks mail delivery. The contents are (by default):

------------------------------------------------------------

#1.2
deny
message = This message contains a virus or other harmful content ($malware_name)
malware = */defer_ok/tmo=10s
log_message = Message from $sender_host_address denied - virus of harmful content ($malware_name)

warn
message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
------------------------------------------------------------

Anyone can help me to get this working?
 
Hello,

Run this to make exim to scan incoming emails with an antivirus software:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build set clamav_exim yes
./build set exim yes
./build set eximconf yes
./build set eximconf_release 4.5
./build clamav
./build exim_conf
./build exim
 
Hi Alex,

I have done so but still i get unfiltered emails in my box. I used a service emailsecuritycheck.net which sends you a couple of emails for testing. According to them you should not get any email in your inbox because of executable (.bat/.exe) attachments. But I do get these emails. Can you tell me how to get these emails in spam?
 
The exe and bat extensions should be rejected by system filter, see /etc/system_filter.exim
 
Hi Alex, I have the extensions in /etc/exim.easy_spam_fighter/exim_check_attachment.sh too, is there a difference in priority?
 
Johannes,

The system filter is run at the start of a delivery attempt, before any routing is done. If a message fails to be completely delivered at the first attempt, the system filter is run again at the start of every retry. If you want your filter to do something only once per message, you can make use of the first_delivery condition in an if command in the filter to prevent it happening on retries.


https://www.exim.org/exim-html-current/doc/html/spec_html/ch-systemwide_message_filtering.html


Easy Spam Fighter is called from ACL at various moments per exim.conf instructions.
 
Back
Top