Exiscan + ClamAV

Who said I guessed?

Don't ask things if you didn't check them out.
The full steps in this thread are perfectly well explained for REDHAT.

The only difference I can find is that PICO maybe isn't installed standardly, but everyone with a little bit of knowledge could find out they should edit the file (example: vi).
 
It might seem logical to you, but not to me; I ain't no Linux expert. I didn't say you guessed.

Anyway, the install of exiscan: does that replace exim with exiscan, or does exiscan run beside exim?

I am using the spamblocked exim.conf; where exactly does that clamd info go?
Code:
# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
   <<<-HERE??
# primary_hostname =
 
Exiscan is Exim Scanner. It is built into Exim.

In your exim.conf you will find something like:

# ACL that is used after the DATA command
check_message:
......


You just change it as pointed to in this thread.
 
OK, but does exiscan replace exim then?
Or does it patch exim?


About exim.conf: I mean this line:
av_scanner = clamd:127.0.0.1 3310
 
Exiscan was already PATCHED into Exim a few versions back by Exim itself.

Exiscan is just a directive in the configuration file.

Just put that line on the first line of the file, or where you say:
Code:
   <<<-HERE??
 
Can anyone comment on the server load that this imposes on the servers in a production environment? I'm interested in the number of domains running on the server, and load values PRIOR to installation and POST installation.

Thanks

Joe
 
Is it possible to make it behave like mailscanner?

I mean receive the file, remove the virus and deliver the message?

BTW, I tried to install clamav .80rc4; however, it asked me for an updated version of glibc (2.34), which I don't have access to. Therefore I had to install clamav version 0.75 from
ftp://ftp.pbone.net/mirror/ftp.falsehope.net/pub/clamav/clamav-0.75.1-1rh73.i386.rpm

interfasys said:
Worked for me. From my log :
"rejected after DATA: This message contains a virus or other malware (ClamAV-Test-Signature)"
 
hostpc.com said:
Can anyone comment on the server load that this imposes on the servers in a production environment? I'm interested in the number of domains running on the server, and load values PRIOR to installation and POST installation.

Thanks

Joe

Didn't notice a huge load... working very well.
 
It seems that I got clamd running (finally installed it from the tar-gz), however exim is bouncing every email I receive ...
Code:
Here is a tail for /exim/maillog
2004-10-15 16:40:02 1CIYrq-00008p-Kc H=octopus.dnsvelocity.com [64.21.80.9] F=<[email protected]> temporarily rejected after DATA
ale2004-10-15 16:43:02 1CIYuk-0004Fj-5u malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1CIYuk-0004Fj-5u: Access denied. ERROR

2004-10-15 16:43:02 1CIYuk-0004Fj-5u H=web13906.mail.yahoo.com [216.136.175.69] F=<[email protected]> temporarily rejected after DATA
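
The log lines in the post above show two different outcomes of the malware ACL: a scanner error that defers mail ("temporarily rejected after DATA") and, as quoted earlier in the thread, a real detection ("rejected after DATA: ... malware"). The following is an added example, not part of the original posts, that tells the two apart in an Exim main log; the sample lines are constructed in the thread's format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise what the malware ACL did, from Exim main-log lines.

# Constructed sample lines in the format shown in this thread
# (message ids, hosts and addresses are placeholders).
sample_log() {
cat <<'EOF'
2004-10-15 16:40:02 1AAAAA-000001-AA H=mail.example.net [192.0.2.10] F=<a@example.net> temporarily rejected after DATA
2004-10-15 16:43:02 1AAAAA-000002-BB malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1AAAAA-000002-BB: Access denied. ERROR
2004-10-15 16:43:02 1AAAAA-000002-BB H=mail.example.org [192.0.2.20] F=<b@example.org> temporarily rejected after DATA
2004-10-15 16:50:11 1AAAAA-000003-CC H=mail.example.com [192.0.2.30] F=<c@example.com> rejected after DATA: This message contains a virus or other malware (ClamAV-Test-Signature)
EOF
}

# Reads log lines on stdin and prints a one-line summary.
# Field 3 of each line is the Exim message id, used to tie a deferral
# to a scanner error logged for the same message.
summarise_scan_log() {
    awk '
        / malware acl condition: / { err[$3] = 1; errors++; next }
        / temporarily rejected after DATA/ {
            deferred++
            if ($3 in err) by_scanner++
            next
        }
        / rejected after DATA: .*malware/ { infected++; next }
        END {
            status = (errors > 0) ? "SCANNER_FAILING" : "OK"
            printf "infected=%d scanner_errors=%d deferred=%d deferred_by_scanner=%d status=%s\n",
                infected, errors, deferred, by_scanner, status
        }'
}

sample_log | summarise_scan_log
```

A non-zero `scanner_errors` count means mail is being deferred because the scanner could not do its job, not because anything was found.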
 
Guess what?
I rebooted the server and started all the services again, and it is working now :)

It seems that my Windows admin skills also work with Linux ;)

A final note on this, I have noticed no traces of spam assassin in the incoming email headers, why?
 
I was getting the error
Code:
option "av_scanner" unknown at the line where av-scanner is in the .conf file

Then I installed exiscan for redhat 9.0, and after that, when I tried to restart exim, I got the following error

Code:
Starting exim: 2004-10-16 01:22:55 Exim configuration error in line 283 of /etc/exim.conf:
  error in ACL: unknown ACL condition/modifier in "($malware_name)"
                                                           [FAILED]

Does anybody know how can I fix this?
thanks

Edit: Never mind, fixed it, there was an extra carriage return
 
Hi!
I was forwarding my emails from server account that also has spam assassin, it is an ehem cpanel server :)

It seems that DA's SpamAssassin was not scanning emails that have been previously scanned.

albatroz said:
Guess what?
I rebooted the server and started all the services again, and it is working now :)

It seems that my Windows admin skills also work with Linux ;)

A final note on this, I have noticed no traces of spam assassin in the incoming email headers, why?
 
Actually, I would use VI instead of PICO, as in some cases PICO breaks lines that are too long, generating errors.


fusionictnl said:
Who said I guessed?

Don't ask things if you didn't check them out.
The full steps in this thread are perfectly well explained for REDHAT.

The only difference I can find is that PICO maybe isn't installed standardly, but everyone with a little bit of knowledge could find out they should edit the file (example: vi).
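
Two editing mistakes come up in this thread: an extra carriage return that produced the `unknown ACL condition/modifier in "($malware_name)"` error, and an editor wrapping long lines. The following is an added example, not part of the original posts, of a pre-restart check for both, plus a check that `av_scanner` sits in the main section (before the first `begin` line); the sample config is constructed, the function names are hypothetical, and the wrapped-line test is a heuristic.

```shell
#!/bin/sh
# Added example: lint an exim.conf for mistakes reported in this thread.

# Constructed sample (not a complete exim.conf): the deny message was wrapped
# by an editor, one line ends in a carriage return, and av_scanner sits after
# a "begin" line instead of in the main section.
sample_conf() {
    printf '%s\n' \
        '# primary_hostname =' \
        'begin acl' \
        'check_message:' \
        '  deny message = This message contains a virus or other malware' \
        '  ($malware_name)' \
        '       malware = *' \
        "  accept$(printf '\r')" \
        'begin routers' \
        'av_scanner = clamd:127.0.0.1 3310'
}

# Reads a config from the named file (or stdin); prints one finding per line
# and returns 1 if anything was found.
lint_exim_conf() {
    awk '
        { cr = sub(/\r$/, "") }
        cr { print "line " NR ": carriage return at end of line"; bad++ }
        /^[ \t]*begin[ \t]+/ { section = $2; cont = 0; next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*av_scanner[ \t]*=/ {
            if (section == "") av = 1
            else { print "line " NR ": av_scanner set after \"begin " section "\" (main-section option)"; bad++ }
        }
        # Heuristic: an ACL line that is not a continuation must start with a
        # verb, condition or modifier name, so "(" or "$" suggests a wrapped line.
        section == "acl" && !cont && /^[ \t]*[^A-Za-z! \t]/ {
            print "line " NR ": ACL line does not start with a name (wrapped line?)"; bad++
        }
        { cont = /\\[ \t]*$/ }
        END {
            if (!av) { print "av_scanner not set in main section"; bad++ }
            exit (bad > 0)
        }
    ' "$@"
}

sample_conf | lint_exim_conf || echo "exim.conf needs fixing before restart"
```

Run it as `lint_exim_conf /etc/exim.conf` after editing and before restarting exim.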
 
How can I tell if my Exim has been patched with Exiscan?

Whenever I try to install da_exim-4.32-1-exiscan.i386.rpm
I get these messages

[root@alfa instaladores]# rpm -ivh da_exim-4.32-1-exiscan.i386.rpm
Preparing... ########################################### [100%]
package da_exim-4.42-1 (which is newer than da_exim-4.32-1) is already installed
file /etc/exim.cert from install of da_exim-4.32-1 conflicts with file from package da_exim-4.42-1
 
I'm getting a similar error message

# rpm -Uvh da_exim-4.32-1-exiscan.i386.rpm
Preparing... ########################################### [100%]
package da_exim-4.32-1 is already installed
file /etc/exim.cert from install of da_exim-4.32-1 conflicts with file from package da_exim-4.32-1
file /etc/exim.key from install of da_exim-4.32-1 conflicts with file from package da_exim-4.32-1
file /usr/sbin/exim from install of da_exim-4.32-1 conflicts with file from package da_exim-4.32-1


Am I supposed to uninstall exim or is there something I'm not doing?
 