Excluding some hosts from clamav scanning.

MattGetWeb

Due to all the extra virus laden email getting around the last couple of weeks, I'd like to move my email filtering to a dedicated mailscanner server. I want to set up exim on the cPanel box to not (re-)scan mail that is delivered via the mailscanner server.

When I go to WHM -> Service Configuration -> Exim Config Editor -> Advanced Mode, in the very top box I have

Code:
av_scanner = clamd:/var/clamd
log_selector = +all -ident_timeout
Do I just change the above to this?

Code:
av_scanner = clamd:/var/clamd
!hosts = <ip or hostname of filtering server>
log_selector = +all -ident_timeout
 

chirpy

No, that won't work as that area is not for ACLs. Why not simply disable clamav on that server if your email is already being scanned elsewhere?
 

MattGetWeb

chirpy said:
No, that won't work as that area is not for ACLs. Why not simply disable clamav on that server if your email is already being scanned elsewhere?
Thanks, chirpy. I'll be keeping that server as a secondary MX. I'm mainly just trying to have the majority of mail hit the filtering box first to help ease the load on the cPanel box. It's crazy, but for each of the last two weeks my filters have rejected double what they have previously (mainly due to sober.u). When looked at as an increase of thousands per day, the constant filtering adds a not insignificant load to an aging box. ;)

OK, so in the ACL area, I have this.

Code:
##### clamav ACL, reject virus infected mails with proper error

deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = This message contains a virus or other harmful content \
($malware_name)
demime = *
malware = *

deny message = Potentially executable content. If you meant to send this file \
then please package it up as a zip file and resend it.
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

# Add X-Scanned Header

warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

##### end clamav ACL
Should I put my !hosts line in below each of the deny message directives?
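
The placement asked about above, written out as an added example that is not part of the thread: in an Exim ACL statement the conditions are tested in order and the statement is abandoned at the first one that fails, so a `!hosts` line placed before `demime` and `malware` keeps mail from the listed host from reaching the scanner. The address 192.0.2.25 is a placeholder for the filtering server's IP.

```exim
##### clamav ACL with the filtering server exempted (added example)
# 192.0.2.25 is a placeholder: replace it with the filtering server's IP.
# hosts is matched against the address of the connecting peer, not against
# anything written in the message headers.

deny message = This message contains malformed MIME ($demime_reason).
     !hosts = 192.0.2.25
     demime = *
     condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = This message contains a virus or other harmful content \
               ($malware_name)
     !hosts = 192.0.2.25
     demime = *
     malware = *

deny message = Potentially executable content. If you meant to send this file \
               then please package it up as a zip file and resend it.
     !hosts = 192.0.2.25
     demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

# Add the header only to mail that was actually scanned on this box
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
     !hosts = 192.0.2.25

##### end clamav ACL
```

Mail that reaches this box directly, as it can while the box remains a secondary MX, arrives from other addresses and is still scanned.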
 
