antivirus.exim no longer functions?!?
When adding a new rule (see below) to antivirus.exim, then restarting exim on the server, the email that contains 32223 in the body copy is delivered as usual.
$message_body contains "32223"
I have noticed this lately, that new rules added to antivirus.exim seem to have no effect, but curiously the old rules that were there seem to work as they did.
What could be going on with this?
By the way, I did check the exim settings in WHM and indeed antivirus.exim should be in effect.
I just checked our servers and /etc/exim.conf does indeed seem to be missing the system_filter line that points to that file. I'd log it with cPanel and post back here what you find out. In the meantime, you should be able to add the line into the first textbox of the advanced exim configuration editor:
system_filter = /path/to/your/system.filter
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Thank you for posting this.
I filed an internal inquiry regarding this and will update this thread with the findings.
Kenneth
Development
cPanel, Inc.
Thanks.Originally Posted by cpanelkenneth
Question - If I follow Chirpy's advice, then will Exim error out once cPanel.net get's this problem resolved?
Once it's resolved the next update would possibly add a second system_filter directive in exim.conf. This will prevent exim from restarting:
We recommend the use of ClamAV (or similar software ) to provide the services once accomplished via antivirus.exim.Code:Starting exim-475: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf: "system_filter" option set for the second time [FAILED] Starting exim: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf: "system_filter" option set for the second time [FAILED] Starting exim-smtps: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf: "system_filter" option set for the second time [FAILED] root@mundane [/usr/local/cpanel/bin]# vim /etc/exim.conf root@mundane [/usr/local/cpanel/bin]# ps ax | grep exim 17198 pts/0 R+ 0:00 grep exim
Kenneth
Development
cPanel, Inc.
Kenneth, I know this is an old thread, but this is happening again. Except this time I do find the following line in /etc/exim.conf
system_filter=/etc/antivirus.exim
The problem now is that none of the commands I have installed in /etc/antivirus.exim are having any effect. For example (and this is why I can't use clamav):
Here is the contents of my /etc/antivirus.exim file:
-----------------------------------
# Exim filter
if error_message then finish endif
if
$message_headers contains "viagra"
or $header_reply-to contains "internetseer"
or $header_Subject contains "Buy and save"
or $message_headers contains "Buy and save"
or $message_headers contains "tpnet.pl"
or $message_body contains "Facebook_details"
or $message_body contains "mailbox utility"
or $message_body contains "module.zip"
or $message_body contains "balancechecker.zip"
or $message_body contains "remote-admin.net"
or $message_body contains "microsoftofficeupdate"
or $message_body contains "viagra"
or $message_body contains "phentermine"
then
save "/dev/null" 660
endif
-----------------------------------
The above no longer has any effect, e.g. phentermine or viagra in the body copy is delivered, etc.
Any idea what may be going on with this?
OR, does anyone know of another way to install and use a global, system-wide email filter based on keywords as per the above?
http://forums.cpanel.net/f5/set-syst...rk-142453.html
Might be the cause.
LinkBack URL
About LinkBacks
Reply With Quote