
Re: Exim4 + ClamAV + Some Virii get through



On Tuesday 03 August 2004 02:25, David Purton wrote:
...
>
> It offers these lines, which might help in
> /etc/exim4/conf.d/acl/40_exim4-config_check_data:
>
>
> deny message = This message contains malformed MIME ($demime_reason)
>   demime = *
>   condition = ${if >{$demime_errorlevel}{2}{1}{0}}

This needs exim4-heavy to be installed which includes a patch to connect to 
virus checkers.

You also need 

# This tells what virus scanner to use
av_scanner = clamd:/var/run/clamav/clamd.ctl

near the beginning of the configuration.

Actually you can go further than that. Here is a sample from my config file (I 
have recombined into a single exim4.conf file). Not only can you reject 
malformed MIME, you can reject certain attachments and call the virus 
scanner.  The TEERGRUBE conditions add 5 second delays (TEERGRUBE is set to 5) 
on these messages to slow any potential spammer down by holding his 
connection for a short period of time.


  # Reject messages that have serious MIME errors.
  # This calls the demime condition again, but it
  # will return cached results.

        deny    message = Serious MIME defect detected ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
.ifdef TEERGRUBE
        delay           = TEERGRUBE
.endif

  # Reject file extensions
  # used by worms. Note that the extension list may be
  # incomplete.

        deny    message = This domain has a policy of not accepting certain types of attachments in mail \
                        as they may contain a virus.  This mail has a file with an $found_extension \
                        attachment and is not accepted. If you have a legitimate need to send this \
                        particular attachment, send it zipped, and it will then be forwarded to the recipient.
        demime = exe:com:vbs:bat:pif:scr
.ifdef TEERGRUBE
        delay           = TEERGRUBE
.endif



  # Reject messages containing malware.

        deny    message = This message contains a virus ($malware_name) and has been rejected
        malware = *
.ifdef TEERGRUBE
        delay           = TEERGRUBE
.endif

-- 
Alan Chandler
alan@chandlerfamily.org.uk
First they ignore you, then they laugh at you,
 then they fight you, then you win. --Gandhi
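
Added example, not part of the original post and not Exim code: a Python sketch for checking offline which attachment names in a test message the "demime = exe:com:vbs:bat:pif:scr" rule above is aimed at. It assumes a match on the final extension of each part's filename, case-insensitively; Exim's own matching is not reproduced here, and the addresses and filenames are constructed.

```python
import email
from email.message import EmailMessage

# Extension list copied from the "demime = exe:com:vbs:bat:pif:scr" line.
BLOCKED = frozenset("exe:com:vbs:bat:pif:scr".split(":"))


def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames in a raw message whose last extension is blocked."""
    msg = email.message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 encoded parameters.
        name = part.get_filename()
        if not name:
            continue
        _, dot, ext = name.rpartition(".")
        if dot and ext.strip().lower() in BLOCKED:
            hits.append(name)
    return hits


def build_sample(filenames) -> bytes:
    """Constructed test message with one dummy attachment per filename."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("body")
    for fn in filenames:
        m.add_attachment(b"dummy", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()


# Constructed single-part message that names the file only in Content-Type.
NAME_ONLY = (b"From: sender@example.org\r\nMIME-Version: 1.0\r\n"
             b'Content-Type: application/octet-stream; name="a.pif"\r\n'
             b"\r\nx\r\n")

if __name__ == "__main__":
    sample = build_sample(["invoice.PDF.ExE", "notes.txt", "archive.zip", "screen.SCR"])
    print(blocked_attachments(sample))
    print(blocked_attachments(NAME_ONLY))
```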


