HOW TO: Exim, Exiscan, & ClamAV

Really great article, Wish! Thanks!

I've been using MailScanner (with McAffee's VirusScan), but it's a HUGE processor and memory hog, so I'm seriously considering moving to Exiscan. I've managed to create a patched Exim for Cpanel RPM. But, after I installed it, without even modifying the exim.conf file, Exim started rejecting e-mails, like this (domais and IP altered for privacy):

2004-05-04 02:25:25 H=(remote.mailserver.com) [64.11.11.11] F=<some@sender.com> temporarily rejected RCPT <local@email.com>: cannot test verify in RCPT ACL

The e-mail queue grew wildly, so I had to return to my previous config. Question is: did you have the same problem? Do you know what that error is?

Thx!
-Dario

 

Thanks for the help! Turns out that I applied patch

exiscan-acl-4.30-13

which had a bug! I reapplied patch version -14, which, in my defense, was not mentioned in the Exiscan changelog, and it worked.

-Dario

 

Does exiscan actually work with lower levels? I'd be interested in trying ths out if so. I use MailScanner and have noticed processor hogging with mailing lists..

Brenden

 

i am interested in why did u chosse exisan over MailScanner or if u considered MailScanner at all?

 

bash# rpmbuild --recompile exim-4*
bash: rpmbuild: command not found

I use FreeBSD. Ports does not contain rpmbuild ;(

 

BTW Nicks just released exim 4.34 that includes the exiacl patches. So you can skip a lot of the steps. I might update it later today if i get chance.

 

I would be interested in how to use exiscan with the new 4.34

 

Same here, any updates?

 

I got it working perfectly fine with the new exim. I have the auto installer also ready on this. Just finishing my notes, once done i will post everything here.

 

anand, could you also post what the advantages/disadvantages are to this over mailscanner? Does exiscan come with quarantine functions and the like? Does it add {virus?} or some other text to e-mails? Can it be customized?

Sorry. I'm too lazy to test it myself.

 

hey casey

The only thing i can say is the advantages are very serious, i got this running on 10 servers till now and on all servers i saw improvement on cpu loads. Mailscanner was choking the server with mail traffic increasing, atleast with this the load is reduced.

As for quarantine, understand this, the patch allows you to reject mail at the MTA level, so basically the mail doesn't enter your queue. This helps in reducing the load on the server considerably.

Let me know if i confused you.

 

Cool!

 

Loads dropped from 2.00+ (quite often it would jump to 10+) to 0.40!!

 

Nope, not at all. I'm almost sold on it.

What I meant by the quarantine, though, is when a virus is found. What happens to emails with viruses? Does the sender get the email returned to him or is it just rejected? My customers will want one of the following:

1) If viruses are stripped and delivered, they will want to be able to retrieve the original message if it was a wrongful detection.

2) If viruses are simply rejected, the customers will want the email returned to the sender, so that again, if a message is wrongfully detected the sender will know to send again by some other means.

 

no exim .src available

Hello there!

Problem here with rebuilding Exim ... as there is no .src available for any of the newer Exim relases. I have two RH 9 servers, but the same seems true for RHEL. cPanel v. 9.2.x comes with exim-4.34, but I just don't see any source code for that:

http://diff.cpanel.net/exim-cpanel7.2.0/s9/

Any suggestions?? First downgrading cPanel, then installing, and later upgradinga again?? By the way, would any cPanel upgrade overwrite the anti-virus package installed in this thread?

John

 

:D

The mail is rejected moment the virus info is found in them with info as "Mailware or Virus found in mail (Virus Name)". This looks like those mail server errors which you usually see.

The mail is just completely rejected. When exim accepts the data section, clam scans for virus or malware stuff, if found, the mail session is closed with an MTA error retuned to the sender stating that there is malware or virus.

I have been closely watching the 10 servers i have this installed now, the load has been very low on them. To compare it, with mailscanner i hardly remember a time when i saw the load less than 4-5, even shot up to 10 at times with heavy mail traffic. Now the load sits cool at < 1, i think thats a considerable gain

Just got stuck with something more, i have everything ready and with the auto installer it should be a piece of cake for anyone to install. I will try to post info asap.

 

Re: no exim .src available

Just upgrade to current releases, run the following on shell

/scripts/updated
/scripts/updatenow
/scripts/exim4

This should give you the new exim.