Anyone using Exiscan mail scanner?

haze

Well-Known Member
Dec 21, 2001
1,540
3
318
Just curious if anyone has had a chance to try out exiscan on their cpanel system? Apparently it will be coming out as an option for cpanels exim.. i believe. I really need to implement a solution ASAP, and so far cpanels mailscanner just ain't working. So.. what are your thoughts on this system?

http://duncanthrax.net/exiscan-acl/

cPanel.net Support Ticket Number:
 

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
Haven't tried it yet, but it would be great if we could have this as an alternative to mailscannner.

As it's written specifically for Exim (unlike mailscanner) it might be a better choice for CPanel.

cPanel.net Support Ticket Number:
 

TCSLEA

Active Member
Oct 29, 2003
36
0
156
Austin, T E X A S
Using EXISCAN with no problems so far

Several days ago I configured exiscan, and out of curiosity I did a search in these forums to see if anyone else was using it, or anyone else was having any problems, etc. Looks like it may not be as popular as MailScanner for now.

Turns out that the version of exim that comes with the current cPanel installation already has this feature, it's just that it's not configured to use it in the exim configuration file. Further, you need some type of antivirus to point it to, and most (but not all) of those are pay-for-it services.

I'm using it with ClamAV, which is free, and have a cron job to update the virus definitions every night. So far it's working beautifully, and I've yet to receive any virus-contaminated email since I started using exiscan.

And I was concerned that cPanel would overwrite my exim config file every night, but it hasn't happened yet. However, it looks like if you use WHM to manually edit the config file, and there happens to be a syntax error in the file, it will cause WHM to overwrite the config file with the default.

If anyone wants to try exiscan, and has problems, I'd be more than happy to post the changes I made here. I'm on a FreeBSD box, so the paths might be different, and your mileage may vary...
 

mccollin

Member
Jun 11, 2003
9
0
151
I'd love to know what you did on FreeBSD... getting bombarded with viruses and am disappointed that there isn't a solution for MailScan.
 

Marty

Well-Known Member
Oct 10, 2001
629
1
318
I would like to see the changes you made. I am not on FreeBSD but it would be interesting if the peices are already there to see how this works.
 

TCSLEA

Active Member
Oct 29, 2003
36
0
156
Austin, T E X A S
Exim with exiscan and clamav

Okay, at this point I'm trying out a trial version of another mail server, and have so many irons in the fire lately that my head is not as clear on this as it was right after I did it. I was using Exim version 4.24.3 at the time, if that matters. Having said that, here is what I can piece together from my notes:

Installed clamav from /usr/ports/security/clamav

Created a new user on the server called "clamav" with:
shell = noshell
home directory = /nonexistent
belongs to group = mail

chown /var/spool/exim/scan to clamav:mail
but I later noticed it was chown to mailnull:mailnull (maybe cPanel did that?? I also just noticed that cPanel overwrote my Exim configuration file eventually - if that happens, it circumvents the a/v software (clamav) and you have to put the modified configure file back. I made a copy of it after I modified it, and maybe you could create a cron job to copy your modified version over each night, in case cPanel overwrites the configuration file like it eventually did mine)

chmod /var/spool/exim/scan to 770

clamav conf file: /usr/local/etc/clamav.conf

clamav data directory: /usr/local/share/clamav

clamav command: /usr/local/sbin/clamd

clamav unix socket: /var/run/clamav/clamd

clamav update command: /usr/local/bin/freshclam

clamav clamscan command: /usr/local/bin/clamscan

exim config file: /usr/local/etc/exim/configure

This configure file needs some editing, but I can't find my notes on what I changed. I didn't even bother to comment my changes, it seems. *sigh*

I'll try to attach the configure file I was using at the time. Remember that cPanel may overwrite the file periodically, so keep a copy of it in that same directory if you want, BUT give it some other name. Every so often, make sure your modified version is present, and/or have cron do it.

Good luck,
Chris
 

Attachments

Last edited:

smarcellini

Well-Known Member
Mar 27, 2003
56
0
156
I get an error message "can not find av_scanner" when I add this line.

#!!# Added to enable clamav
av_scanner = clamd:/var/run/clamav/clamd

Did I miss something?
 

TCSLEA

Active Member
Oct 29, 2003
36
0
156
Austin, T E X A S
I guess it just needs to know exactly where to find clamd, and perhaps that path is not where it is. Try locating clamd like this:

locate clamd

and if that doesn't find it:

find / -name clamd -ls

and use that path. I noticed on my box that the /var/run path is actually a hard link to this path:

/usr/local/sbin/clamd

so try changing the path to the /usr/local... path above, and see if that works.

Let me know how it goes!

Chris
 

smarcellini

Well-Known Member
Mar 27, 2003
56
0
156
"av_scanner unknown" is the actually message and i still get it with the config below.

#!!# Added to enable clamav
av_scanner = clamd:/usr/local/sbin/clamd

I did the "find" command and it is in /usr/local/sbin
 

smarcellini

Well-Known Member
Mar 27, 2003
56
0
156
Well i must say, i thought i was the only one in this world smart enough to use google to troubleshoot error messages. Yes I saw that post but was at work and passed it off. I will take a closer look now and report back.

Thx for your time.
 

mr.wonderful

BANNED
Feb 1, 2004
344
1
166
Originally posted by iminteractive
Just curious if anyone has had a chance to try out exiscan on their cpanel system? Apparently it will be coming out as an option for cpanels exim.. i believe. I really need to implement a solution ASAP, and so far cpanels mailscanner just ain't working. So.. what are your thoughts on this system?

http://duncanthrax.net/exiscan-acl/

cPanel.net Support Ticket Number:
If Cpanels version of MailScanner is not working why are you wasting time with it? Install it maually and configure it manually. Then you dont have to rely on their version and you have a full version that works. Provided of course you know how to install and set it up!
 

Jeff75

Well-Known Member
Apr 11, 2003
555
0
166
Apparantly, Mailscanner can be installed on FreeBSD servers. After I attempted to do this today (which screwed up my server for 3 hours and now I have over 13,000 emails in the queue) I realized it was only for Linux. I submitted a feature request and Michael Photakis replied back with:

If you build the exim port with "WITHOUT_ALT_CONFIG_PREFIX=yes" set, mailscanner installed from the ports collection should work for you.

I would really like to put a virus scanner on the server because of all the problems with the MyDoom virus. After what I went through today, I'm a little hesitant about trying it again. If anybody else has the balls to try it please let me know how it went!

smarcellini,

The article on the site you posted looks like it's only for Linux users.