drop e-mails contains viruses

Discussion in 'cPanel Developers' started by bejbi, Dec 31, 2006.

  1. bejbi

    Hi,

    I've installed clamavconnector. It works fine. But when clamd finds a virus, the sender is informed that he was sending a virus.
    Today most viruses come from fake addresses. I don't want to send any mail to the sender, but to silently discard mail with a virus.

    How do I do this?
    Should I look for an option in clamd or in exim?

    Wojtek
     
  2. mohit

  3. bejbi

    Thanks.

    This option was set on my server to: :localuser

    I have now set it to :fail :

    Restarting cPanel daemons ... Done
    Updating your system to reflect any changes ...

    Updating "Default Mail Delivery Action" from "localuser" to "fail".
    "Default Mail Delivery Action" was updated.

    Done.


    But it does nothing. In my log I have (on the target machine):

    2007-01-01 16:53:03 1H1PTD-0000NM-Dt H=(admin2.trustnet.pl) [193.93.88.2] F=<xxxxxxx@trustnet.pl> rejected after DATA: Znaleziono wirusa/This message contains a virus (Eicar-Test-Signature)

    and I have a returned mail (on the source machine):

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    yyyyyyyyyyy@jura.net.pl
    SMTP error from remote mail server after end of data:
    host jura.net.pl [193.93.88.5]: 550 Znaleziono wirusa/This message contains
    a virus (Eicar-Test-Signature)


    What can it be?

    Wojtek
     
  4. Aric1

  5. AndyReed

    You should install Clamd either through the WHM >> Main >> cPanel >> Addon Modules: clamavconnector
    If you want to install the latest version of ClamAv, do it manually at the prompt.
     
  6. bejbi

    Sorry, but can you read what the question is?

    I have installed clamd from the automatic clamavconnector on cPanel. Everything was done automatically.

    When a virus is found in incoming mail, my exim sends a reply to the sender saying that his message contained a virus. All I want is to disable that reply.

    Wojtek
     
  7. twhiting9275

    You can't.
    Well, actually, you CAN, but it will have to be done EVERY time cPanel updates exim. Unfortunately, this isn't one of the configurable options in cPanel. While it may be NICE, it's against RFCs to reject mail without providing a valid reason.

    Now, how can you fix this?
    Simple:
    Go into /etc/exim.conf
    Find the line that looks like this:
    Code:
      deny message = This message contains a virus or other harmful content ($malware_name)
           malware = *
           demime = *
    
      accept
    
    change it to:
    Code:
      deny message = 
           malware = *
           demime = *
    
      accept
    
    Because the deny message is nonexistent, the bounce should be also. Note that it's been a couple of years since I tried this and had it working, but this is how to do it.

    Then, you can fix it so that exim.conf isn't overwritten
    Code:
    chattr +i /etc/exim.conf
    
    Then restart exim
    Code:
    service exim restart
    
    The problem with THAT is that your exim configuration will be broken when cPanel updates exim.
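
An added example, not posted by anyone in this thread and not cPanel's shipped configuration: the returned mail quoted earlier was generated on the source machine after it received the 550, so this fragment uses Exim's `discard` ACL verb, which accepts the message at SMTP time and then blackholes it. The `relay_hosts` host list name and the log text are assumptions, and the `demime` line from the posted block is left out.

```exim
# Added example: fragment of the ACL named by acl_smtp_data in /etc/exim.conf.
# Assumption: a host list called relay_hosts is defined earlier in the file.

  # Authenticated users and trusted relay hosts are real senders: keep
  # rejecting at SMTP time so their own mail client shows the reason.
  deny    message       = This message contains a virus ($malware_name)
          authenticated = *
          malware       = *

  deny    message       = This message contains a virus ($malware_name)
          hosts         = +relay_hosts
          malware       = *

  # Everyone else: the sending server gets a success reply and the message is
  # blackholed. With no 5xx response, the remote MTA has nothing to bounce
  # to a (possibly forged) envelope sender.
  discard malware       = *
          log_message   = virus $malware_name, sender <$sender_address>

  accept
```

A discarded message leaves no trace for either party except the log line, so a false positive from the scanner is only visible in the Exim main log.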
     