bejbi

Well-Known Member
Jan 20, 2006
105
3
168
Poland
cPanel Access Level
DataCenter Provider
Hi,

I've installled cpamconnector. It works fine. But when clamd find a virus Sender becomes info, that he was sending virus.
Todays most of all viruses is from fake addresses. I don't want to send any mail to sender, but silently discard mail with virus.

How to do this ?
Should I seek an option with clamd ? or exim ?

Wojtek
 

bejbi

Well-Known Member
Jan 20, 2006
105
3
168
Poland
cPanel Access Level
DataCenter Provider
Thanks.

this option was set on my server to: :localuser

I set it now to :fail :

Restarting cPanel daemons ... Done
Updating your system to reflect any changes ...

Updating "Default Mail Delivery Action" from "localuser" to "fail".
"Default Mail Delivery Action" was updated.

Done.


but, it makes nothing. In my log I have (on target machine):

2007-01-01 16:53:03 1H1PTD-0000NM-Dt H=(admin2.trustnet.pl) [193.93.88.2] F=<[email protected]> rejected after DATA: Znaleziono wirusa/This message contains a virus (Eicar-Test-Signature)

and I have returned mail (on source machine):

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
SMTP error from remote mail server after end of data:
host jura.net.pl [193.93.88.5]: 550 Znaleziono wirusa/This message contains
a virus (Eicar-Test-Signature)


what it can be ?

Wojtek
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
How to do this ?
Should I seek an option with clamd ? or exim ?
You should install Clamd either through the WHM >> Main >> cPanel >> Addon Modules: clamavconnector
If you want to install the latest version of ClamAv, do it manually at the prompt.
 

bejbi

Well-Known Member
Jan 20, 2006
105
3
168
Poland
cPanel Access Level
DataCenter Provider
sorry, but can You read what is the question ?

I have installed clamd from automatic clamavconnector on cpanel. All was did was automatic.

When virus is found in incoming mail, my exim send reply do Sender, that his message contained virus. All I want is: disable that reply.

Wojtek
 

twhiting9275

Well-Known Member
Sep 26, 2002
560
27
178
cPanel Access Level
Root Administrator
Twitter
When virus is found in incoming mail, my exim send reply do Sender, that his message contained virus. All I want is: disable that reply.
You can't.
Well, actually, you CAN, but it will have to be done EVERY time cpanel updates exim. Unfortunately, this isn't one of the configurable options in CPanel. While it may be NICE, it's against RFC's to reject mail without providing a valid reason.

Now, how can you fix this?
simple:
go into /etc/exim.conf
find the line that looks like this:
Code:
  deny message = This message contains a virus or other harmful content ($malware_name)
       malware = *
       demime = *

  accept
change it to:
Code:
  deny message = 
       malware = *
       demime = *

  accept
Because the deny message is nonexistant, the bounce should be also. Note that it's been a couple years since I tried this and had it working, but this is how to do it

Then, you can fix it so that exim.conf isn't overwritten
Code:
chattr +i /etc/exim.conf
Then restart exim
Code:
service exim restart
The problem with THAT is that your exim configuration will be broken when CPanel updates exim