Results 1 to 1 of 1
-
16th Jun 2014, 12:48 PM #1
Use Exiscan to Scan For Viruses
Most responsible system administrators have implemented some form of virus scanning of incoming email to protect their users from getting viruses and to help stem the flow of these resource stealing entities. If you are a cPanel administrator, then about your only option has been Mailscanner. There are a number of HOWTOs out there that have shown people how to install Mailscanner, but just recently we've been given a much more integrated and less resource intensive solution.
Enter Exiscan.
Exiscan is a patch against exim version 4, providing support for content scanning in email messages received by exim. It works after the sending client has completed the SMTP data phase and waits for an answer from the server. Messages containing unwanted content can be rejected at that stage, so the job of generating a bounce message is the job of the sending host. Four different scanning facilities are supported: antivirus, antispam, regular expressions, and file extensions.
The beauty of this is that, as noted above, the email is rejected during the receiving process, so the unwanted message never actually enters your server, and notifies the sending server that this message is not being accepted. This takes much of the burden of processing off your server and puts it back on the server that is trying to send this to you.
This system even allows for filetype rejection! .exe, .scr, .pif, whatever you want to exclude and be excluded.
cPanel included this patch in a recent update for Exim, and you probably already have it installed, but it has not been 'plugged in' to your server.
The exiscan-acl patch adds content scanning to the exim4 ACL
system. It supports the following scanning features:
* MIME ACL that is called for all MIME parts in incoming MIME messages.
* Antivirus using 3rd party scanners.
o generic command line interface
o Sophie / Sophos
o Kaspersky's "kavdaemon" Version 4.x
o ClamAV via clamd
o MKS AntiVirus
o DRWeb AntiVirus
* Antispam using SpamAssassin.
* Full support for Brightmail Anti-Spam.
* Support for SPF.
* Regular expression match against headers, bodies, raw
MIME parts and decoded MIME parts.
These features are hooked into exim by extending exim's ACL
system. The patch adds expansion variables and ACL conditions.
These conditions are designed to be used in the acl_smtp_data
ACL. It is run when the sending host has completed the DATA
phase and is waiting for our final response to his end-of-data
marker. This allows us to reject messages containing
unwanted content at that stage.
Configuring ClamAV for Exim / Exiscan:
cd /usr/src
wget -c Page not found | Rack911
rpm -Uvh clamav-0.72-1.i386.rpm
/usr/bin/freshclam
ln -s /usr/bin/freshclam /etc/cron.daily/updateclamav
perl -pi -e "s/^Example/#Example/g" /etc/clamav.conf
perl -pi -e "s/^#MaxThreads 10/MaxThreads 5/g" /etc/clamav.conf
perl -pi -e "s/^#ScanMail/ScanMail/g" /etc/clamav.conf
perl -pi -e "s/^LocalSocket /tmp/clamd/LocalSocket /var/run/clamav/clamd/g" /etc/clamav.conf
( you should always backup your configuration file before any changes)
find the lines:
################################################## ####################
# MAIN CONFIGURATION SETTINGS #
################################################## ####################
Add the following under it:
Code:av_scanner = clamd:/var/run/clamav/clamd
################################################## ####################
# MAIN CONFIGURATION SETTINGS #
################################################## ####################
av_scanner = clamd:/var/run/clamav/clamd
next find the following
check_message:
require verify = header_sender
accept
check_message:
require verify = header_sender
######## EXISCAN ACL #########
deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *
deny message = This message contains an attachment of a type which wedo not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
######## EXISCAN ACL #########
accept
Code:Restart exim /sbin/service exim restart
Code:root@w00t [~]# /sbin/service exim restart Shutting down clamd: [FAILED] Shutting down exim: [ OK ] Shutting down antirelayd: [ OK ] Shutting down spamd: [ OK ] Starting clamd: [ OK ] Starting exim: [ OK ] Starting exim-smtps: [ OK ] Starting antirelayd: [ OK ] Starting spamd: [ OK ] root@w00t [~]#
If something dont work correctly, restore from your backup exim.conf or run /scripts/exim4 and try agian. If you still cannot get it to work contact steve @ rack911
Thanks to: Jon of Got-Management.com and to Steve of Rack911.comAreon Reviewed by Areon on . Use Exiscan to Scan For Viruses Most responsible system administrators have implemented some form of virus scanning of incoming email to protect their users from getting viruses and to help stem the flow of these resource stealing entities. If you are a cPanel administrator, then about your only option has been Mailscanner. There are a number of HOWTOs out there that have shown people how to install Mailscanner, but just recently we've been given a much more integrated and less resource intensive solution. Enter Exiscan. Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
What are filehost sites that still use paypal to pay for aff?
By myincome2020 in forum File Host DiscussionReplies: 19Last Post: 5th Nov 2012, 08:41 AM -
How to use themes from Rockettheme for PortalXL?
By nICEsHARE in forum phpBBReplies: 2Last Post: 10th Feb 2011, 03:56 AM -
Buy a site and use domain to redirect for traffic?
By techdx69 in forum Webmaster DiscussionReplies: 5Last Post: 31st May 2010, 11:47 AM -
using RL with shared IP to upload for Hotfile?
By dede110 in forum Hosting DiscussionReplies: 2Last Post: 17th Apr 2010, 06:15 PM -
Looking for tutorial on How to use VPS to run websites
By arunkumar2006 in forum Server ManagementReplies: 5Last Post: 18th May 2008, 03:45 AM
themaPoster - post to forums and...
Version 5.23 released. Open older version (or...