If you use the new exiscan-acl with clamd support, you could probably just use these in exim config (modify to fit your configuration):
    #[main config section]
    av_scanner = clamd:/tmp/clamd

    #[acl_check_rcpt section]
    acl_check_data:
      deny    message = Message "$header_Subject:" contains an unwanted file extension ($found_extension). If you wish to send these files, please Zip it and then resend.
              demime = exe:com:vbs:bat:bas:ade:adp:chm:cmd:cpl:crt:hlp:hta:ins:inf:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:url:vbe:wsf:wsh:wsc
      deny    message = Message "$header_Subject:" contains virus or malware ($malware_name)
              malware = *
      accept  condition = yes

A fair warning: if clamd is dead, ALL mail will be deferred.

If you want to use the cmdline scanner with a wrapper script (it can fall back to clamscan if clamd fails), use this in exim's configure:

    #[main config section]
    av_scanner = cmdline:\
                 /usr/exim/malware.sh %s:\
                 FOUND:'(.+)'

Use the same config as above for the acl_check_rcpt. The wrapper script:

    #!/bin/sh
    # Wrapper for exim's cmdline av_scanner: try clamdscan, fall back to clamscan.
    TMPFILE=$1
    DATE=`date '+%Y-%m-%d %H:%M:%S'`
    BEG="$DATE $TMPFILE :"
    LOGFILE=/var/spool/exim/log/malware.log

    if [ "X$TMPFILE" = "X" ]
    then
        echo You must specify file to scan
        exit 1
    fi

    printf '%s Scanning for virus\n' "$BEG" >> "$LOGFILE"
    SCANNER_OUTPUT=`/usr/clamav/bin/clamdscan "$TMPFILE" 2>&1`
    # $SCANNER_OUTPUT is echoed unquoted on purpose: the awk parsing below
    # expects the whole scanner output collapsed onto one line.
    ERROR=`echo $SCANNER_OUTPUT | grep -i ERROR: | wc -w`
    if [ $ERROR -gt 0 ]
    then
        # clamscan fallback
        SCANNER_OUTPUT=`/usr/clamav/bin/clamscan "$TMPFILE" 2>&1`
    fi

    FOUND=`echo $SCANNER_OUTPUT | grep -i FOUND | wc -w`
    if [ $FOUND -gt 0 ]
    then
        # Virus name: first word after the "<file>:" prefix
        VIRUS=`echo $SCANNER_OUTPUT | awk -F: '{print $2}' | awk '{print $1}'`
        printf '%s rejecting : virus %s found\n' "$BEG" "$VIRUS" >> "$LOGFILE"
        # This line is what the FOUND:'(.+)' regexes in av_scanner match
        echo "'$VIRUS' FOUND"
        exit
    else
        printf '%s No virus found\n' "$BEG" >> "$LOGFILE"
        echo No virus detected
    fi

Some warnings:
- It will likely be a little slower than the clamd solution
- This script logs to /var/spool/exim/log/malware.log, which can grow very big. Remember to rotate it, or modify the script to disable logging.
- You need /bin/sh, awk, grep, wc, date, and cat (part of most standard U**ix)
- My clamdscan and clamscan were installed as /usr/clamav/bin/clamdscan and /usr/clamav/bin/clamscan

Regards,
Fajar
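
An added example, not part of the post above and not exim or ClamAV code: a stricter way to turn scanner output into the verdict line that the FOUND:'(.+)' regexes match, matching whole result lines and keeping "scanner failed" separate from "clean". The function name classify_scan, the "SCAN ERROR" line, the status codes and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# classify_scan: read clamscan/clamdscan output on stdin, print one verdict line.
#   "'<name>' FOUND"    status 1  (the shape av_scanner's FOUND:'(.+)' matches)
#   "No virus detected" status 0  (a "<file>: OK" line and no error)
#   "SCAN ERROR"        status 2  (an error line, or no per-file result at all)
classify_scan() {
    awk '
        / FOUND$/ {                      # "<file>: <name> FOUND"
            line = $0
            sub(/ FOUND$/, "", line)     # drop the suffix
            sub(/^.*: /, "", line)       # drop "<file>: " even if the path has colons
            if (name == "") name = line  # keep the first detection
            next
        }
        /^ERROR:/ || / ERROR$/ { err = 1; next }
        /: OK$/ { ok = 1 }
        END {
            if (name != "") { printf "\047%s\047 FOUND\n", name; exit 1 }
            if (err || !ok) { print "SCAN ERROR"; exit 2 }
            print "No virus detected"
        }'
}

# Constructed sample outputs (not captured from a real scan).
sample_infected='/var/spool/exim/scan/m1/m1.eml: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1'
sample_clean='/var/spool/exim/scan/m2/m2.eml: OK'
sample_failed='ERROR: scanner unavailable (constructed message)'
sample_tricky='/tmp/notfound: a.eml: OK'   # clean, but path contains "found" and ":"

# The empty string stands for a run in which neither scanner printed anything.
for s in "$sample_infected" "$sample_clean" "$sample_failed" "$sample_tricky" ""; do
    rc=0
    verdict=$(printf '%s\n' "$s" | classify_scan) || rc=$?
    printf '%s (status %s)\n' "$verdict" "$rc"
done
```

What the wrapper prints for status 2 is a policy choice: any output that does not match the FOUND trigger is treated by exim as a clean result.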
George Szekely wrote:
Sorry about that. It was an old virus, I don't keep the original mail anymore. I just keep the attachment.
Anyway,
I'm currently implementing exim 4.20 - exiscan-acl - clamav 20030522 in 7 MTAs.
Most are fine (I set exim's maximum connection to 384).
Two of them, because of the heavy traffic, had exim's maximum connection set to 2048 (even then I still get "Connection from x.x.x.x refused: too many connections" in Exim's log).
exiscan calls clamav thru a wrapper script, that first calls clamdscan, and if it fails calls clamscan.
Fajar,
Since I'm trying to get going with exim4.20-exiscan-acl-clamav-0.54 also,
I would love to see your exim config and the wrapper script that calls on clamdscan. I was under the impression that exiscan does that by itself.
George