antivirus.exim no longer functions?!?

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
When adding a new rule (see below) to antivirus.exim, then restarting exim on the server, the email that contains 32223 in the body copy is delivered as usual.

$message_body contains "32223"

I have noticed this lately, that new rules added to antivirus.exim seem to have no effect, but curiously the old rules that were there seem to work as they did.

What could be going on with this?

By the way, I did check the exim settings in WHM and indeed antivirus.exim should be in effect.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,453
31
473
Go on, have a guess
I just checked our servers and /etc/exim.conf does indeed seem to be missing the system_filter line that points to that file. I'd log it with cPanel and post back here what you find out. In the meantime, you should be able to add the line into the first textbox of the advanced exim configuration editor:

system_filter = /path/to/your/system.filter
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Thank you for posting this.

I filed an internal inquiry regarding this and will update this thread with the findings.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Thank you for posting this.

I filed an internal inquiry regarding this and will update this thread with the findings.
Thanks.

Question - If I follow Chirpy's advice, then will Exim error out once cPanel.net get's this problem resolved?
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Thanks.

Question - If I follow Chirpy's advice, then will Exim error out once cPanel.net get's this problem resolved?
Once it's resolved the next update would possibly add a second system_filter directive in exim.conf. This will prevent exim from restarting:

Code:
Starting exim-475: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
  "system_filter" option set for the second time
                                                           [FAILED]
Starting exim: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
  "system_filter" option set for the second time
                                                           [FAILED]
Starting exim-smtps: 2009-07-23 08:21:29 Exim configuration error in line 4 of /etc/exim.conf:
  "system_filter" option set for the second time
                                                           [FAILED]
[email protected] [/usr/local/cpanel/bin]# vim /etc/exim.conf
[email protected] [/usr/local/cpanel/bin]# ps ax | grep exim
17198 pts/0    R+     0:00 grep exim
We recommend the use of ClamAV (or similar software ) to provide the services once accomplished via antivirus.exim.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Kenneth, I know this is an old thread, but this is happening again. Except this time I do find the following line in /etc/exim.conf

system_filter=/etc/antivirus.exim

The problem now is that none of the commands I have installed in /etc/antivirus.exim are having any effect. For example (and this is why I can't use clamav):

Here is the contents of my /etc/antivirus.exim file:
-----------------------------------
# Exim filter
if error_message then finish endif
if
$message_headers contains "viagra"
or $header_reply-to contains "internetseer"
or $header_Subject contains "Buy and save"
or $message_headers contains "Buy and save"
or $message_headers contains "tpnet.pl"
or $message_body contains "Facebook_details"
or $message_body contains "mailbox utility"
or $message_body contains "module.zip"
or $message_body contains "balancechecker.zip"
or $message_body contains "remote-admin.net"
or $message_body contains "microsoftofficeupdate"
or $message_body contains "viagra"
or $message_body contains "phentermine"
then
save "/dev/null" 660
endif
-----------------------------------

The above no longer has any effect, e.g. phentermine or viagra in the body copy is delivered, etc.

Any idea what may be going on with this?

OR, does anyone know of another way to install and use a global, system-wide email filter based on keywords as per the above?