drop e-mails contains viruses

[bejbi]

Hi,

I've installled cpamconnector. It works fine. But when clamd find a virus Sender becomes info, that he was sending virus.
Todays most of all viruses is from fake addresses. I don't want to send any mail to sender, but silently discard mail with virus.

How to do this ?
Should I seek an option with clamd ? or exim ?

Wojtek

 

[mohit]

hi,
seems you have default ID set to other than :fail:
read more at http://www.configserver.com/free/fail.html


See ya,
mohit

 

[bejbi]

Thanks.

this option was set on my server to: :localuser

I set it now to :fail :

Restarting cPanel daemons ... Done
Updating your system to reflect any changes ...

Updating "Default Mail Delivery Action" from "localuser" to "fail".
"Default Mail Delivery Action" was updated.

Done.

but, it makes nothing. In my log I have (on target machine):

2007-01-01 16:53:03 1H1PTD-0000NM-Dt H=(admin2.trustnet.pl) [193.93.88.2] F=<[email protected]> rejected after DATA: Znaleziono wirusa/This message contains a virus (Eicar-Test-Signature)

and I have returned mail (on source machine):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after end of data:
host jura.net.pl [193.93.88.5]: 550 Znaleziono wirusa/This message contains
a virus (Eicar-Test-Signature)

what it can be ?

Wojtek

 

[Aric1]

Eicar is a "test" virus. You use it to make sure your virus checker is working. It's not really a virus, just a file that all virus checkers report as one.

http://www.eicar.org/anti_virus_test_file.htm

 

[AndyReed]

How to do this ?
Should I seek an option with clamd ? or exim ?

You should install Clamd either through the WHM >> Main >> cPanel >> Addon Modules: clamavconnector
If you want to install the latest version of ClamAv, do it manually at the prompt.

 

[bejbi]

sorry, but can You read what is the question ?

I have installed clamd from automatic clamavconnector on cpanel. All was did was automatic.

When virus is found in incoming mail, my exim send reply do Sender, that his message contained virus. All I want is: disable that reply.

Wojtek

 

[twhiting9275]

When virus is found in incoming mail, my exim send reply do Sender, that his message contained virus. All I want is: disable that reply.

You can't.
Well, actually, you CAN, but it will have to be done EVERY time cpanel updates exim. Unfortunately, this isn't one of the configurable options in CPanel. While it may be NICE, it's against RFC's to reject mail without providing a valid reason.

Now, how can you fix this?
simple:
go into /etc/exim.conf
find the line that looks like this:

  deny message = This message contains a virus or other harmful content ($malware_name)
       malware = *
       demime = *

  accept

change it to:

  deny message = 
       malware = *
       demime = *

  accept

Because the deny message is nonexistant, the bounce should be also. Note that it's been a couple years since I tried this and had it working, but this is how to do it

Then, you can fix it so that exim.conf isn't overwritten

chattr +i /etc/exim.conf

Then restart exim

service exim restart

The problem with THAT is that your exim configuration will be broken when CPanel updates exim