Re: [Clamav-users] Totally new to ClamAV

Fri, 03 Aug 2007 09:46:11 -0700 

Tom Ray [Lists] wrote:
> Jonathan Armitage wrote:
>> Tom Ray [Lists] wrote:
>>   
>>> I have Exim 4.67 installed and the latest version of clamAV.
>>>
>>> I have av_scanner=clamd:/tmp/clamd
>>>
>>> What type of ACL do I need for exim? Because the ones I've tried break 
>>> exim from working.
>>>
>>>     
>> How do they break Exim?
>>
>> What reply do you get from exim -bV?
>>
>> What is Exim saying in the logs?
>>
>> Jon
>>
>> Jon Armitage
>> System Administrator
>> 365 Media Group plc
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://lurker.clamav.net/list/clamav-users.html
>>   
> I think it was the ACL that I had. Which was:
> 
> check_message:
>   require verify = header_sender
> 
>   ######## EXISCAN ACL #########
>   deny message = This message contains malformed MIME ($demime_reason)
>   demime = *
>   condition = ${if >{$demime_errorlevel}{2}{1}{0}}
> 
>   deny message = This message contains a virus or other harmful content 
> ($malware_name)
>   demime = *
>   malware = *
> 
>   deny message = This message contains an attachment of a type which wedo not 
> accept (.$found_extension)
>   demime = bat:com:pif:prf:scr:vbs
> 
>   warn message = X-Antivirus-Scanner: Clean mail though you should still use 
> an Antivirus
>   ######## EXISCAN ACL #########
> 
> It was causing "Diagnostic-Code: smtp; 550 Administrative prohibition" 
> in the log. When I took out the ACL it went away.
> 
> I started clamd with /usr/local/clamav/sbin/clamd --debug and have 
> av_scanner: clamd:/tmp/clamd I just cant' see anything being scanned. Am 
> I missing an ACL? Router? Transport? I'm just lost on this.
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html

Try removing the test for malformed MIME altogether. I don't think I ever got 
it to work.

Also try:

# Reject virus infested messages.
   deny    message       = This message contains malware.
           malware       = */defer_ok <--- CHANGE THIS

Finally (probably too obvious!) Are you sure that /usr/local/etc/clamd.conf is 
putting the clamd socket where Exim thinks it is?

Jon
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Reply via email to