HOW TO: Exim, Exiscan, & ClamAV

wish

I was keen on getting exiscan to work with CPanel, but I couldn't find much on it or many that had done it, so after working through it, I put this together as a cookbook for setting up exiscan on systems identical to ours.

I tried to include enough information so that others can puzzle it out for their own systems. Exiscan works like a charm for us, and I'm very happy with it. Your mileage may vary, of course.

The text is a bit too long for a post, so I've attached it as a file.

This is a work in progress...comments are encouraged.
 


dario2

Really great article, Wish! Thanks!

I've been using MailScanner (with McAfee's VirusScan), but it's a HUGE processor and memory hog, so I'm seriously considering moving to Exiscan. I've managed to create a patched Exim for Cpanel RPM. But, after I installed it, without even modifying the exim.conf file, Exim started rejecting e-mails, like this (domains and IP altered for privacy):

2004-05-04 02:25:25 H=(remote.mailserver.com) [64.11.11.11] F=<[email protected]> temporarily rejected RCPT <[email protected]>: cannot test verify in RCPT ACL

The e-mail queue grew wildly, so I had to return to my previous config. Question is: did you have the same problem? Do you know what that error is?

Thx!
-Dario
 

wish

Thanks.

No, I didn't see this problem. If exim is having trouble with verify in the RCPT ACL, first I'd look at what user your new RPM build is running under (not likely to be your problem, but...), then verify that the exim config file was not overwritten or that even a different one is being used by your new build.
 

dario2

Thanks for the help! Turns out that I applied patch exiscan-acl-4.30-13, which had a bug! I reapplied patch version -14, which, in my defense, was not mentioned in the Exiscan changelog, and it worked.

-Dario
 

tAzMaNiAc

Does exiscan actually work with lower levels? I'd be interested in trying this out if so. I use MailScanner and have noticed processor hogging with mailing lists..

Brenden
 

tawfiq

I am interested in why did u choose exiscan over MailScanner or if u considered MailScanner at all?
 

wish

Brenden: It's not so much that exiscan works at a lower level but that it works at SMTP connect, instead of after mail has been accepted. Scanning during the SMTP dialog seems to be less resource intensive on several levels.

tawfiq: MailScanner is excellent, best-in-class even. Our current server was seeing what Brenden was seeing: high cpu loads. We wanted to see if exiscan could help us. So far it has, though I don't have anything but anecdotal evidence, no hard tests, since our server isn't up to full load yet.

I'd be very interested to hear what others experience if they decide to try exiscan.
 

rs-freddo

Originally posted by chrisbond
BTW Nicks just released exim 4.34 that includes the exiacl patches. So you can skip a lot of the steps. I might update it later today if i get chance.
I would be interested in how to use exiscan with the new 4.34
 

anand

I got it working perfectly fine with the new exim. I have the auto installer also ready on this. Just finishing my notes, once done i will post everything here.
 

casey

Originally posted by anand
I got it working perfectly fine with the new exim. I have the auto installer also ready on this. Just finishing my notes, once done i will post everything here.
anand, could you also post what the advantages/disadvantages are to this over mailscanner? Does exiscan come with quarantine functions and the like? Does it add {virus?} or some other text to e-mails? Can it be customized?

Sorry. I'm too lazy to test it myself.:)
 

anand

Originally posted by casey
anand, could you also post what the advantages/disadvantages are to this over mailscanner? Does exiscan come with quarantine functions and the like? Does it add {virus?} or some other text to e-mails? Can it be customized?

Sorry. I'm too lazy to test it myself.:)
hey casey :)

The only thing I can say is the advantages are very serious, I got this running on 10 servers till now and on all servers I saw improvement on cpu loads. Mailscanner was choking the server with mail traffic increasing, at least with this the load is reduced.

As for quarantine, understand this, the patch allows you to reject mail at the MTA level, so basically the mail doesn't enter your queue. This helps in reducing the load on the server considerably.

Let me know if i confused you. ;)
 

casey

Originally posted by anand

Let me know if i confused you. ;)
Nope, not at all. I'm almost sold on it. :)

What I meant by the quarantine, though, is when a virus is found. What happens to emails with viruses? Does the sender get the email returned to him or is it just rejected? My customers will want one of the following:

1) If viruses are stripped and delivered, they will want to be able to retrieve the original message if it was a wrongful detection.

2) If viruses are simply rejected, the customers will want the email returned to the sender, so that again, if a message is wrongfully detected the sender will know to send again by some other means.
 

JohnL

no exim .src available

Hello there!

Problem here with rebuilding Exim ... as there is no .src available for any of the newer Exim releases. I have two RH 9 servers, but the same seems true for RHEL. cPanel v. 9.2.x comes with exim-4.34, but I just don't see any source code for that:

http://diff.cpanel.net/exim-cpanel7.2.0/s9/

Any suggestions?? First downgrading cPanel, then installing, and later upgrading again?? By the way, would any cPanel upgrade overwrite the anti-virus package installed in this thread?

John
 

anand

Originally posted by casey
Nope, not at all. I'm almost sold on it. :)

:D
What I meant by the quarantine, though, is when a virus is found. What happens to emails with viruses? Does the sender get the email returned to him or is it just rejected?
The mail is rejected the moment the virus info is found in them with info as "Mailware or Virus found in mail (Virus Name)". This looks like those mail server errors which you usually see.

My customers will want one of the following:

1) If viruses are stripped and delivered, they will want to be able to retrieve the original message if it was a wrongful detection.

2) If viruses are simply rejected, the customers will want the email returned to the sender, so that again, if a message is wrongfully detected the sender will know to send again by some other means.
The mail is just completely rejected. When exim accepts the data section, clam scans for virus or malware stuff, if found, the mail session is closed with an MTA error returned to the sender stating that there is malware or virus.

I have been closely watching the 10 servers I have this installed now, the load has been very low on them. To compare it, with mailscanner I hardly remember a time when I saw the load less than 4-5, even shot up to 10 at times with heavy mail traffic. Now the load sits cool at < 1, I think that's a considerable gain :)

Just got stuck with something more, i have everything ready and with the auto installer it should be a piece of cake for anyone to install. I will try to post info asap.
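
The SMTP-time rejection described in the post above, as an added Exim configuration sketch that is not part of the thread or of the attached how-to. It assumes an Exim build that includes the exiscan-acl content-scanning support; the clamd socket path and the ACL name `acl_check_data` are placeholders chosen for illustration.

```exim
# --- Main configuration section ---

# Tell Exim which scanner backs the "malware" ACL condition.
# Assumption: clamd listens on this UNIX socket; use the LocalSocket
# path from your own clamd.conf instead of this placeholder.
av_scanner = clamd:/var/run/clamav/clamd.sock

# Run the ACL below once the message body has been received (end of
# DATA), while the sending server is still connected.
# Assumption: the ACL is named acl_check_data; keep the name your
# existing configuration already uses if it differs.
acl_smtp_data = acl_check_data

# --- ACL section (after the existing "begin acl" line) ---

acl_check_data:

  # Scan every message. On a hit the SMTP transaction ends with a
  # permanent error carrying this text, so the message never enters
  # the local queue. Nothing is quarantined and nothing is delivered;
  # the sending server is left to notify its own user.
  deny    message = This message contains malware ($malware_name)
          malware = *

  # Everything that passed the scan is accepted for delivery.
  accept
```

Because the `deny` happens inside the SMTP dialog, a sender whose message was wrongly flagged sees the rejection text from their own mail server, which covers the second case casey asks about; the first case (strip and deliver with a retrievable original) is not what this setup does.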
 

anand

Re: no exim .src available

Originally posted by JohnL
Hello there!

Problem here with rebuilding Exim ... as there is no .src available for any of the newer Exim releases. I have two RH 9 servers, but the same seems true for RHEL. cPanel v. 9.2.x comes with exim-4.34, but I just don't see any source code for that:

http://diff.cpanel.net/exim-cpanel7.2.0/s9/

Any suggestions?? First downgrading cPanel, then installing, and later upgrading again?? By the way, would any cPanel upgrade overwrite the anti-virus package installed in this thread?

John
Just upgrade to current releases, run the following on shell

/scripts/updated
/scripts/updatenow
/scripts/exim4

This should give you the new exim.