Re: Exim4 + ClamAV + Some Virii get through
On Tuesday 03 August 2004 02:25, David Purton wrote:
...
>
> It offers these lines, which might help in
> /etc/exim4/conf.d/acl/40_exim4-config_check_data:
>
>
> deny message = This message contains malformed MIME ($demime_reason)
> demime = *
> condition = ${if >{$demime_errorlevel}{2}{1}{0}}
This needs exim4-heavy to be installed, which includes a patch to connect to
virus checkers.

You also need

# This tells what virus scanner to use
av_scanner = clamd:/var/run/clamav/clamd.ctl

near the beginning of the configuration.

Actually you can go further than that. Here is a sample from my config file (I
have recombined it into a single exim4.conf file). Not only can you reject
malformed MIME, you can reject certain attachments and call the virus
scanner. The TEERGRUBE conditions add 5 second delays (TEERGRUBE is set to 5)
on these messages to slow any potential spammer down by holding his
connection for a short period of time.

# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
     demime = *
     condition = ${if >{$demime_errorlevel}{2}{1}{0}}
.ifdef TEERGRUBE
     delay = TEERGRUBE
.endif

# Reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
deny message = This domain has a policy of not accepting certain types of attachments in mail \
               as they may contain a virus. This mail has a file with an $found_extension \
               attachment and is not accepted. If you have a legitimate need to send this \
               particular attachment, send it zipped, and it will then be forwarded to the recipient.
     demime = exe:com:vbs:bat:pif:scr
.ifdef TEERGRUBE
     delay = TEERGRUBE
.endif

# Reject messages containing malware.
deny message = This message contains a virus ($malware_name) and has been rejected
     malware = *
.ifdef TEERGRUBE
     delay = TEERGRUBE
.endif

--
Alan Chandler
alan@chandlerfamily.org.uk
First they ignore you, then they laugh at you,
then they fight you, then you win. --Gandhi
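
Added example, not part of the original message: when mail that should have been caught gets through, a first check is whether the clamd socket named in av_scanner answers at all and what verdict it returns for a given file. The script below speaks clamd's INSTREAM protocol to that socket; the chunk size and the function names are assumptions of this example.

```python
import socket
import struct
import sys

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # path taken from the av_scanner line
CHUNK = 8192  # assumption: chosen for this example, small relative to clamd's stream limit


def frame_instream(data: bytes) -> bytes:
    """Build a full zINSTREAM request: command, length-prefixed chunks, zero-length terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(raw: bytes):
    """Turn a clamd reply such as b'stream: OK\\0' into (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)  # e.g. size limit exceeded, or an empty reply


def scan(data: bytes, path: str = CLAMD_SOCKET):
    """Send data to clamd over its Unix socket and return the parsed verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(path)  # raises if the socket is missing or not accessible
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(scan(f.read()))
```

Run it with a file name as the only argument, as the user Exim runs as, so that the same socket permissions apply.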