Re: Exim4 + ClamAV + Some Virii get through

From: Alan Chandler (alan_at_chandlerfamily.org.uk)
Date: 08/03/04

    To: Debian User List <debian-user@lists.debian.org>
    Date: Tue, 3 Aug 2004 07:27:39 +0100
    
    

    On Tuesday 03 August 2004 02:25, David Purton wrote:
    ...
    >
    > It offers these lines, which might help in
    > /etc/exim4/conf.d/acl/40_exim4-config_check_data:
    >
    >
    > deny message = This message contains malformed MIME ($demime_reason)
    > demime = *
    > condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    This needs exim4-heavy to be installed which includes a patch to connect to
    virus checkers.

    You also need

    # This tells Exim which virus scanner to use
    av_scanner = clamd:/var/run/clamav/clamd.ctl

    Near the beginning of the configuration.

    Actually you can go further than that. Here is a sample from my config file (I
    have recombined it into a single exim4.conf file). Not only can you reject
    malformed MIME, you can reject certain attachments and call the virus
    scanner. The TEERGRUBE conditions add 5-second delays (TEERGRUBE is set to 5)
    on these messages to slow any potential spammer down by holding his
    connection for a short period of time.

      # Reject messages that have serious MIME errors.
      # This calls the demime condition again, but it
      # will return cached results.

            deny message = Serious MIME defect detected ($demime_reason)
            demime = *
            condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    .ifdef TEERGRUBE
            delay = TEERGRUBE
    .endif

      # Reject file extensions
      # used by worms. Note that the extension list may be
      # incomplete.

            deny message = This domain has a policy of not accepting certain types of attachments in mail \
                           as they may contain a virus. This mail has a file with an $found_extension \
                           attachment and is not accepted. If you have a legitimate need to send this \
                           particular attachment, send it zipped, and it will then be forwarded to the recipient.
            demime = exe:com:vbs:bat:pif:scr
    .ifdef TEERGRUBE
            delay = TEERGRUBE
    .endif

      # Reject messages containing malware.

            deny message = This message contains a virus ($malware_name) and
    has been rejected
            malware = *
    .ifdef TEERGRUBE
            delay = TEERGRUBE
    .endif

    -- 
    Alan Chandler
    alan@chandlerfamily.org.uk
    First they ignore you, then they laugh at you,
     then they fight you, then you win. --Gandhi
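As an added, runnable illustration (not part of Alan's message, and not Exim's own code), the following Python approximates offline the two checks the ACL above delegates to Exim's demime condition: noting MIME defects in a message, and scanning attachment filenames against the blocked-extension list exe:com:vbs:bat:pif:scr. It uses only the standard library; the three sample messages are constructed for this example, the "any defect at all" stand-in for `$demime_errorlevel > 2` and the case-insensitive extension match are assumptions, and the function names are this example's own.

```python
# Added example: an offline approximation of the demime checks in the ACL above.
# Standard library only; sample messages below are constructed for this example.
import email
from email import policy
from email.utils import collapse_rfc2231_value

# Mirrors "demime = exe:com:vbs:bat:pif:scr" from the ACL.
BLOCKED_EXTENSIONS = {"exe", "com", "vbs", "bat", "pif", "scr"}


def parse(raw):
    """Parse raw message text; policy.default records MIME defects instead of raising."""
    return email.message_from_string(raw, policy=policy.default)


def mime_defects(msg):
    """Names of the defects the parser noted on any part (a rough $demime_reason)."""
    return [type(d).__name__ for part in msg.walk() for d in part.defects]


def candidate_filenames(part):
    """Both places a client may name an attachment: Content-Disposition and Content-Type."""
    names = []
    if part.get_filename():
        names.append(part.get_filename())
    name_param = part.get_param("name")
    if name_param is not None:
        names.append(collapse_rfc2231_value(name_param))
    return names


def found_extensions(msg, blocked=BLOCKED_EXTENSIONS):
    """Sorted list of blocked extensions seen on any attachment name.
    Only the last extension counts, so "invoice.pdf.SCR" is treated as .scr;
    matching is case-insensitive (an assumption made for this example)."""
    hits = set()
    for part in msg.walk():
        for name in candidate_filenames(part):
            _stem, dot, ext = name.strip().rpartition(".")
            if dot and ext.lower() in blocked:
                hits.add(ext.lower())
    return sorted(hits)


def decide(raw):
    """Apply the ACL's order: MIME defects first, then blocked extensions, else accept.
    Exim's $demime_errorlevel threshold is approximated here by "any defect at all"."""
    msg = parse(raw)
    defects = mime_defects(msg)
    if defects:
        return "deny", "Serious MIME defect detected (%s)" % ", ".join(defects)
    exts = found_extensions(msg)
    if exts:
        return "deny", "This mail has a file with an %s attachment and is not accepted" % exts[0]
    return "accept", ""


# Constructed sample 1: a well-formed message with a harmless text attachment.
SAMPLE_CLEAN = """\
From: alice@example.org
To: bob@example.org
Subject: notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="clean-boundary"

--clean-boundary
Content-Type: text/plain; charset="us-ascii"

Minutes attached.
--clean-boundary
Content-Type: text/plain; name="minutes.txt"
Content-Disposition: attachment; filename="minutes.txt"

Item one. Item two.
--clean-boundary--
"""

# Constructed sample 2: Content-Type says "readme.txt" but the real name ends in .SCR.
SAMPLE_WORM = """\
From: sender@example.com
To: bob@example.org
Subject: your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="worm-boundary"

--worm-boundary
Content-Type: text/plain

See attached.
--worm-boundary
Content-Type: application/octet-stream; name="readme.txt"
Content-Disposition: attachment; filename="invoice.pdf.SCR"

not really a program
--worm-boundary--
"""

# Constructed sample 3: claims to be multipart but carries no boundary parameter.
SAMPLE_MALFORMED = """\
From: mallory@example.net
To: bob@example.org
Subject: broken
MIME-Version: 1.0
Content-Type: multipart/mixed

this claims to be multipart but defines no boundary
"""

if __name__ == "__main__":
    for label, raw in (("clean", SAMPLE_CLEAN), ("worm", SAMPLE_WORM), ("malformed", SAMPLE_MALFORMED)):
        print(label, decide(raw))
```

Running it prints an "accept" verdict for the clean sample and "deny" verdicts for the other two; the worm sample is caught because the check looks at the filename's last extension in both the Content-Disposition and Content-Type headers, which is the case the extension list in the ACL is meant to cover.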
