1

I manage a Debian Squeeze server that uses Exim as the MTA and runs several mailing lists using Mailman. I'd like to set up ClamAV to block viruses that may get posted to a list. I'm having trouble finding documentation online for how to integrate ClamAV with Exim and Mailman (and what configuration is done automatically by the Debian install scripts).

What needs to be done besides installing the appropriate packages to get ClamAV to work with Exim and Mailman lists?

jrdioko
  • 567
  • 5
  • 9
  • 18

1 Answers1

3

To use clamav in Debian squeeze you need to start by installing the exim4-daemon-heavy package instead of the default exim4-daemon-light version, the heavy daemon was compiled with more functionality including the ability to link into clamav. Just do an apt-get install exim4-daemon-heavy, it won't change much, and pretty safe to run.

After you have that enabled you need do a little setup. I am assuming you are using split configs, if not you'll have to translate the below to the correct location within the combined config file.

I usually create a file /etc/exim4/conf.d/main/04_exim4-config_filter that looks like this.

# socket for clamd
av_scanner = clamd:/var/run/clamav/clamd.ctl

Then I uncomment the malware config in your /etc/exim4/conf.d/acl/40_exim4-config_check_data file.

  # Deny if the message contains malware. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option in the
  # main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  deny
    malware = *
    message = This message was detected as possible malware ($malware_name).

You might also want to block certain types of attachments.

I usually create a file acl to check mime extensions. /etc/exim4/conf.d/acl/50_exim4-config_check_mime

# This access control list is used for every MIME part in a an incoming
# SMTP message.
#
acl_check_mime:
  # Decode MIME parts to disk. This will support virus scanners later.
  warn decode = default

  # File extension filtering.
  deny message = This file extension has been blacklisted and is not allowed \
        through our email system. Send an email to helpdesk@example.org if \
        you have received this message in error.
  condition = ${if match \
                  {${lc:$mime_filename}} \
                  {\N(\.ade|\.adpx|\.app|\.bas|\.bat|\.chm|\.cmd|\.com|\.cpl|\
                      \.crt|\.exe|\.fxp|\.hlp|\.hta|\.inf|\.ins|\.isp|\
                      \.js|\.jse|\.lnk|\.mda|\.mdb|\.mde|\.mdt|\.mdw|\.mdz|\
                      \.msc|\.msi|\.msp|\.mst|\.ops|\.pcd|\.pif|\.prf|\.prg|\
                      \.reg|\.scf|\.scr|\.sct|\.shb|\.shs|\.url|\.vb|\.vbe|\
                      \.vbs|\.wsc|\.wsf|\.wsh|\.xsl)$\N} \
                     {1}{0}}

To enable this acl you have to add a some lines in your /etc/exim4/conf.d/main/02_exim4-config_options file.

# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_MIME
MAIN_ACL_CHECK_MIME = acl_check_mime
.endif
acl_smtp_mime = MAIN_ACL_CHECK_MIME
Shamps
  • 103
  • 2
Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • Thanks, I just set this up. Your instructions were missing two steps (that are mentioned in [Ubuntu's instructions](https://help.ubuntu.com/community/EximClamAV)): installing the clamav-daemon package and adding the clamav user to the Debian-exim group. – jrdioko Apr 20 '12 at 02:28