The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Excluding some hosts from clamav scanning.

Discussion in 'General Discussion' started by MattGetWeb, Nov 29, 2005.

  1. MattGetWeb

    MattGetWeb Well-Known Member

    Joined:
    Aug 4, 2005
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Due to all the extra virus laden email getting around the last couple of weeks, I'd like to move my email filtering to a dedicated mailscanner server. I want to set up exim on the cPanel box to not (re-)scan mail that is delivered via the mailscanner server.

    When I go to WHM -> Service Configuration -> Exim Config Editor -> Advanced Mode, in the very top box I have

    Code:
    av_scanner = clamd:/var/clamd
    log_selector = +all -ident_timeout
    
    Do I just change the above to this?

    Code:
    av_scanner = clamd:/var/clamd
    !hosts = <ip or hostname of filtering server>
    log_selector = +all -ident_timeout
    
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, that won't work as that area is not for ACL's. Why not simply disable clamav on that server if your email is already being scanned elsewhere?
     
  3. MattGetWeb

    MattGetWeb Well-Known Member

    Joined:
    Aug 4, 2005
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Thanks, chirpy. I'll be keeping that server as a secondary MX. I'm mainly just trying to have the majority of mail hit the filtering box first to help ease the load on the cPanel box. It's crazy, but for the each of the last two weeks my filters have rejected double what they have previously (mainly due to sober.u). When looked at as an increase of thousands per day, the constant filtering adds a not insignificant load to an aging box. ;)

    OK, so in the ACL area, I have this.

    Code:
    ##### clamav ACL, reject virus infected mails with proper error
    
    deny message = This message contains malformed MIME ($demime_reason).
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    
    deny message = This message contains a virus or other harmful content \
    ($malware_name)
    demime = *
    malware = *
    
    deny message = Potentially executable content. If you meant to send this file \
    then please package it up as a zip file and resend it.
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
    
    # Add X-Scanned Header
    
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
    
    ##### end clamav ACL
    
    Should I put my !hosts line in below each of the deny message directives?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  5. MattGetWeb

    MattGetWeb Well-Known Member

    Joined:
    Aug 4, 2005
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Thanks, chirpy. That page has heaps of good info. Much appreciated. :)
     
Loading...

Share This Page