Excluding some hosts from clamav scanning.

[MattGetWeb]

Due to all the extra virus laden email getting around the last couple of weeks, I'd like to move my email filtering to a dedicated mailscanner server. I want to set up exim on the cPanel box to not (re-)scan mail that is delivered via the mailscanner server.

When I go to WHM -> Service Configuration -> Exim Config Editor -> Advanced Mode, in the very top box I have

av_scanner = clamd:/var/clamd
log_selector = +all -ident_timeout

Do I just change the above to this?

av_scanner = clamd:/var/clamd
!hosts = <ip or hostname of filtering server>
log_selector = +all -ident_timeout

 

[chirpy]

No, that won't work as that area is not for ACL's. Why not simply disable clamav on that server if your email is already being scanned elsewhere?

 

[MattGetWeb]

No, that won't work as that area is not for ACL's. Why not simply disable clamav on that server if your email is already being scanned elsewhere?

Thanks, chirpy. I'll be keeping that server as a secondary MX. I'm mainly just trying to have the majority of mail hit the filtering box first to help ease the load on the cPanel box. It's crazy, but for the each of the last two weeks my filters have rejected double what they have previously (mainly due to sober.u). When looked at as an increase of thousands per day, the constant filtering adds a not insignificant load to an aging box.

OK, so in the ACL area, I have this.

##### clamav ACL, reject virus infected mails with proper error

deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = This message contains a virus or other harmful content \
($malware_name)
demime = *
malware = *

deny message = Potentially executable content. If you meant to send this file \
then please package it up as a zip file and resend it.
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

# Add X-Scanned Header

warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

##### end clamav ACL

Should I put my !hosts line in below each of the deny message directives?

 

[chirpy]

TBH, I'd suggest having a look at the rvskin procedures for black/whitelisting with ClamAV and the like if you want to do inline scanning (my preference is for MailScanner):
http://www.rvskin.com/index.php?page=public/antispam

 

[MattGetWeb]

TBH, I'd suggest having a look at the rvskin procedures for black/whitelisting with ClamAV and the like if you want to do inline scanning (my preference is for MailScanner):
http://www.rvskin.com/index.php?page=public/antispam

Thanks, chirpy. That page has heaps of good info. Much appreciated.