The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

antivirus.exim no longer functions?!?

Discussion in 'E-mail Discussions' started by jols, Jul 19, 2009.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    When adding a new rule (see below) to antivirus.exim, then restarting exim on the server, the email that contains 32223 in the body copy is delivered as usual.

    $message_body contains "32223"

    I have noticed this lately, that new rules added to antivirus.exim seem to have no effect, but curiously the old rules that were there seem to work as they did.

    What could be going on with this?

    By the way, I did check the exim settings in WHM and indeed antivirus.exim should be in effect.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I just checked our servers and /etc/exim.conf does indeed seem to be missing the system_filter line that points to that file. I'd log it with cPanel and post back here what you find out. In the meantime, you should be able to add the line into the first textbox of the advanced exim configuration editor:

    system_filter = /path/to/your/system.filter
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you for posting this.

    I filed an internal inquiry regarding this and will update this thread with the findings.
     
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks.

    Question - If I follow Chirpy's advice, then will Exim error out once cPanel.net get's this problem resolved?
     
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Once it's resolved the next update would possibly add a second system_filter directive in exim.conf. This will prevent exim from restarting:

    Code:
    Starting exim-475: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
      "system_filter" option set for the second time
                                                               [FAILED]
    Starting exim: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
      "system_filter" option set for the second time
                                                               [FAILED]
    Starting exim-smtps: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
      "system_filter" option set for the second time
                                                               [FAILED]
    root@mundane [/usr/local/cpanel/bin]# vim /etc/exim.conf
    root@mundane [/usr/local/cpanel/bin]# ps ax | grep exim
    17198 pts/0    R+     0:00 grep exim
    
    We recommend the use of ClamAV (or similar software ) to provide the services once accomplished via antivirus.exim.
     
  6. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Kenneth, I know this is an old thread, but this is happening again. Except this time I do find the following line in /etc/exim.conf

    system_filter=/etc/antivirus.exim

    The problem now is that none of the commands I have installed in /etc/antivirus.exim are having any effect. For example (and this is why I can't use clamav):

    Here is the contents of my /etc/antivirus.exim file:
    -----------------------------------
    # Exim filter
    if error_message then finish endif
    if
    $message_headers contains "viagra"
    or $header_reply-to contains "internetseer"
    or $header_Subject contains "Buy and save"
    or $message_headers contains "Buy and save"
    or $message_headers contains "tpnet.pl"
    or $message_body contains "Facebook_details"
    or $message_body contains "mailbox utility"
    or $message_body contains "module.zip"
    or $message_body contains "balancechecker.zip"
    or $message_body contains "remote-admin.net"
    or $message_body contains "microsoftofficeupdate"
    or $message_body contains "viagra"
    or $message_body contains "phentermine"
    then
    save "/dev/null" 660
    endif
    -----------------------------------

    The above no longer has any effect, e.g. phentermine or viagra in the body copy is delivered, etc.

    Any idea what may be going on with this?

    OR, does anyone know of another way to install and use a global, system-wide email filter based on keywords as per the above?
     
  7. lorio

    lorio Well-Known Member

    Joined:
    Feb 25, 2004
    Messages:
    243
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page