clamd - does it integrate with exim?

[santrix]

I installed Clamav via "Main >> cPanel >> Manage Plugins" within WHM.

All seems fine, but it's not clear how/if this is integrated with exim.

Sure enough, clamav shows up in user's control panels, so they can do a manual scan of their home directory/mail etc, but what I was hoping for is some indication that it has hooked into exim, and will scan mail that passes through.

So, the question is, does clamav installed in this way automatically scan messages handled by exim or not, and if not is there a documented way of making it so? It seems pretty pointless installing it if all it does is allow manual scanning via individual users' cpanels.

This also brings the question - in "Main >> Service Configuration >> Exim Configuration Editor" - what does "Attachments: Filter dangerous attachments" do exactly? It's not documented anywhere I can see... does this option have any impact on the operation of clamav?

Thanks.

 

[santrix]

come on guys... this must be a simple yes or no - I still can't get a straight answer from googling about.

 

[sparek-3]

It interfaces with exim, though I'm just not sure if it automatically creates the necessary configuration lines in the exim.conf file when the clamav plugin is installed. I think it does, but I would not necessarily hold me to that.

Send yourself a test message with the Eicar test string

http://www.eicar.org/anti_virus_test_file.htm

grep the exim_mainlog when you send this and see if it is reported:

tail -f /var/log/exim_mainlog | grep virus

 

[britsenigma]

I might be wronb, but I'm pretty sure you have to actively scan for a virus. So the user actives the scanner from the control panel.

ASSP Deluxe uses ClamD as part of it's filtering process, so that's one way to do it, but it will cost you.

 

[santrix]

I have seen ASSP and am interested in knowing how good it is, in terms of stability, integration with cpanel/whm, and most importantly for me, if it is manageable by someone with intermediate linux skills?

 

[John W]

I have seen ASSP and am interested in knowing how good it is, in terms of stability, integration with cpanel/whm, and most importantly for me, if it is manageable by someone with intermediate linux skills?

Well, for what it's worth I have less than intermediate skills and ASSP Deluxe has great instructions and it's worked amazingly well for me since Nov 07 and continues to improve. The cost seems well worth it to me.

 

[chrishorgan]

I'm trying to get Exim to work with ClamAV (clamd) too.

Done the usual install - ran plugin in "Main >> cPanel >> Manage Plugins".
Gone into WHM>>Plugins>>Configure ClamAW Scanner and checked all the boxes.

A line is put in the exim.conf file...
av_scanner = clamd:/var/clamd

The scanner works when manually scanning.

So you think you are safe - BUT NO!

I've successfully sent the virus test file from one mail account to another undetected.

So something else needs doing.

Not sure what to do - but I'm looking at these leads...

The Exim docs has some info on Clamd here...
http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html

Then there is the ClamAV plugin for Spamassassin
http://wiki.apache.org/spamassassin/ClamAVPlugin

I though CPanel comes with free virus scanning? Surely it can't be this hard.