On 06/27/05 12:52, Shawn A. Prestridge wrote:
> Hello all,
> I haven't used UNIX in the past 10 years and this is my first go at Linux,
> so please be patient if some of my questions seem a bit obvious to the rest
> of you. Rest assured that I have looked up every FAQ and HowTo known to
> Google on this subject and I still can't seem to get things to work quite
> properly.
> I have Exim4 running and it's sending and receiving e-mail with aplomb.
> However, I cannot seem to get Clam to work properly, even though I have been
> following this HowTo (http://koivi.com/exim4-config/). It seems to me that
> Clam isn't scanning e-mail as it arrives at the server. Clam seems to be
> running:
>
> jennifer:/var/log/exim4# ps -efa | grep clamd
> root 21794 1 0 17:13 ? 00:00:00 /usr/sbin/clamd
>
> I have included it in my
> /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:
>
> ######################################################################
> # MAIN CONFIGURATION SETTINGS #
> ######################################################################
> # This tells what virus scanner to user
> av_scanner = clamd:/var/run/clamav/clamd.ctl
> # Slowing spammers down by holding their connection a bit
> TEERGRUBE = 60s
> <snip>
>
>
> However, if I change my /etc/exim4/conf.d/acl/40_exim4-config_check_data
> from:
>
> ### acl/40_exim4-config_check_data
> #################################
> acl_check_data:
>
> # accept otherwise
> accept
>
> to this:
> ### acl/40_exim4-config_check_data
> #################################
> acl_check_data:
> deny message = This message contains a virus ($malware_name) and has been r$

Don't want to start something but imho that's a very ugly policy. Since 99%+ malware is spreading using faked senders, your mta is actually bouncing malware to some innocent email addy. Please consider archiving infected mails to some dedicated mbox or :blackhole:'ing it instead.

> demime = *
> malware = *
>
> # accept otherwise
> accept
>
> ALL e-mail is rejected.
>
> The /var/log/exim4/paniclog is full of this:
>
> 2005-06-25 20:37:43 1DmM5f-0006bp-Br demime acl condition: error while
> creating mbox spool file

That's a nice hint. Whatever user exim's running as doesn't appear to have enough privs to create the temp mailbox (and possibly directory) to feed the clam. Try exim4 -d-all+acl (or something like that) to investigate.

From http://www.exim.org/exim-html-4.50/doc/html/spec_40.html:
<snip>
All the content-scanning facilities work on a MBOX copy of the message that is temporarily created in a file called:
<spool_directory>/scan/<message_id>/<message_id>.eml
[...]
When the MIME ACL decodes files, they are put into the same directory by default.
</snip>

>
> When I look in /var/log/clamav/clamav.log, I see no mention of scanning
> anything. Does anyone have any idea what is happening and how I can fix it?
> Thanks in advance for your time and consideration. My apologies for such a
> long post, but I wanted to put in all the pertinent information I could
> think of to speed a solution.
> Regards,

acab
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
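
The permission problem suggested in the reply above can be checked directly. This is an added example, not part of the original message or of Exim: it repeats the creation of `<spool_directory>/scan/<message_id>/<message_id>.eml` as the current user. The helper name `check_scan_spool` and the message id are hypothetical, and the spool directory is passed in as an argument.

```shell
#!/bin/sh
# Added example: repeat, as the current user, the file creation that the
# quoted Exim spec describes for content scanning:
#   <spool_directory>/scan/<message_id>/<message_id>.eml

# check_scan_spool SPOOL_DIR  (hypothetical helper name)
# Returns 0 if the scan file can be created, 1 otherwise; prints the failing step.
check_scan_spool() {
    spool=$1
    msgid="TESTID-000000-00"        # constructed message id, not a real one
    scan_dir="$spool/scan"
    msg_dir="$scan_dir/$msgid"
    who=$(id -un 2>/dev/null || id -u)
    made_scan=0

    if [ ! -d "$spool" ]; then
        echo "FAIL: spool directory $spool does not exist"
        return 1
    fi
    # scan/ may not exist yet; that is only a problem if this user
    # cannot create it.
    if [ ! -d "$scan_dir" ]; then
        if ! mkdir "$scan_dir" 2>/dev/null; then
            echo "FAIL: $who cannot create $scan_dir"
            return 1
        fi
        made_scan=1
    fi
    rc=0
    if ! mkdir "$msg_dir" 2>/dev/null; then
        echo "FAIL: $who cannot create $msg_dir"
        rc=1
    else
        if touch "$msg_dir/$msgid.eml" 2>/dev/null; then
            echo "OK: $who can create $msg_dir/$msgid.eml"
        else
            echo "FAIL: $who cannot write $msg_dir/$msgid.eml"
            rc=1
        fi
        # Remove only what this check created.
        rm -f "$msg_dir/$msgid.eml"
        rmdir "$msg_dir"
    fi
    if [ "$made_scan" -eq 1 ]; then rmdir "$scan_dir"; fi
    return "$rc"
}

# Run the check when a spool directory is given on the command line.
if [ -n "${1:-}" ]; then check_scan_spool "$1"; fi
```

Run it as the user Exim runs as, passing the configured spool directory; a result from root says nothing about Exim's own permissions.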