
Re: Re: Exim4 + Clamav

You have understood perfectly! At the moment my exim4-daemon-heavy configuration works this way:
- I receive an e-mail message
- I check whether the addressee actually exists
- If he exists I accept the message and begin to check it; otherwise I turn it down.
- If the message has been accepted, I check whether it has a virus:
av_scanner = clamd:/var/run/clamav/clamd.ctl
- If it doesn't have a virus I go on and check further (anti-spam controls etc.); otherwise, if I find a virus, I reject the message using a 500 response to the server.
   # Reject messages containing malware.
   deny message = This message contains a virus ($malware_name) and has been rejected
     demime = *
     malware = *
     log_message = MALWARE: $malware_name
But the addressee doesn't know anything about the rejection of this e-mail and continually calls me to ask where his e-mail is.
After I had told him many times that his e-mail had been refused because the sender had unintentionally sent him a virus, he thanked me for the service but begged me to tell him whenever I reject a message. The customer knows perfectly well that I will send him a lot of useless e-mails, but he accepts that and, in the end, he pays.
But I really have no idea how this works. I don't know whether it is advisable to configure exim for this or whether it would be better to use clamav. Surfing the net I found this e-mail, and it looks as if it was generated by clamav. Below you can read the text of this e-mail:
Subject: Virus Worm.SomeFool.Gen-2 found in attached mail by ClamAV.

ClamAV anti-virus scanner has intercepted and deleted a message.

The following is a summary of the infected message:

Virus name: Worm.SomeFool.Gen-2
From: kerrie.a****re@***.ie
To: myuser@mydomain.com
Now I think everything is clearer! Could you help me?
I am looking forward to your answer, thank you very much.
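
One way to produce such a notice from exim itself rather than from clamav, as an added example that is not part of the original post: the DATA ACL records the virus name instead of rejecting, and a router hands infected mail to an autoreply transport that writes to the addressee. The names malware_notify and malware_notice, the use of acl_m0 and the +local_domains list are assumptions; the message is now accepted and discarded, so the sending server no longer sees a rejection.

```exim
# Added example, not the poster's configuration. Router and transport names,
# acl_m0, +local_domains and the notice wording are assumptions.

# --- main section (as in the post) ---
av_scanner = clamd:/var/run/clamav/clamd.ctl

# --- DATA ACL: takes the place of the "deny ... malware = *" block ---
  # Remember the virus name instead of rejecting. The message is accepted
  # so that a router can act on it at delivery time.
  warn  demime = *
        malware = *
        set acl_m0 = $malware_name
        log_message = MALWARE: $malware_name (discarded, recipient notified)

# --- routers section: place before the routers that deliver local mail ---
malware_notify:
  driver = accept
  # Only notify our own users, never addresses we merely relay for.
  domains = +local_domains
  # acl_m0 is stored with the message, so it is still set at delivery time.
  condition = ${if def:acl_m0}
  transport = malware_notice
  # No "unseen" here: routing stops, the infected message is never delivered.

# --- transports section ---
malware_notice:
  driver = autoreply
  # The notice goes to the addressee, not to the (often forged) sender.
  to = $local_part@$domain
  from = postmaster@$qualify_domain
  subject = Virus $acl_m0 found in mail addressed to you
  text = A message addressed to you was intercepted and deleted.\n\n\
         Virus name: $acl_m0\n\
         From: $sender_address\n\
         To: $local_part@$domain
```

The notice is a new locally generated message, so acl_m0 is unset for it and it is delivered by the normal routers without looping.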
