You must have the following packages installed
Configuring Exim to use ClamAV
If you are using a split configuration file, create the file /etc/exim4/conf.d/main/50_local_clamav with the following content:
CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/local-acl av_scanner = clamd:/var/run/clamav/clamd.ctl
Otherwise, insert those two lines into your exim4.conf.
Note that the sample exim4.conf specifies an incorrect av_scanner path of clamd:/tmp/clamd
Next, create the file /etc/exim4/conf.d/local-acl with the following content:
deny malware = * message = This message was detected as possible malware ($malware_name).
Reconfigure exim4 so that it picks up your changes. Normally, this is with the command
# dpkg-reconfigure exim4-config
Accepting all the defaults should be OK.
Allow ClamAV to access the Exim mail spool
Add the clamav daemon user to the Debian-exim group, so that it can access the spool files.
# usermod -a -G Debian-exim clamav
After changing the daemon's groups, you must restart the daemon so that it acquires the new groups
# /etc/init.d/clamav-daemon restart
Test your email server by mailing it a copy of EICAR test virus (eicar.com)
The mail server should reject the message immediately.