Introduction

This page describes how to integrate ClamAV (virus scanner) and Exim4 (mail server).

Required packages

You must have the following packages installed

  • exim4-daemon-heavy
  • clamav-daemon

Configuring Exim to use ClamAV

If you are using a split configuration file, create the file /etc/exim4/conf.d/main/50_local_clamav with the following content: 

CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/conf.d/local-acl
av_scanner = clamd:/var/run/clamav/clamd.ctl

Otherwise, insert those two lines into your exim4.conf.

  • Warning /!\ Note that the sample exim4.conf specifies an incorrect av_scanner path of clamd:/tmp/clamd

Next, create the file /etc/exim4/conf.d/local-acl with the following content: 

  deny
   malware = *
   message = This message was detected as possible malware ($malware_name).

Restart exim4

Reconfigure exim4 so that it picks up your changes. Normally, this is with the command 

# dpkg-reconfigure exim4-config

Accepting all the defaults should be OK.

Allow ClamAV to access the Exim mail spool

Add the clamav daemon user to the Debian-exim group, so that it can access the spool files. 

# usermod -a -G Debian-exim clamav

Restart clamav-daemon

After changing the daemon's groups, you must restart the daemon so that it acquires the new groups 

# /etc/init.d/clamav-daemon restart

Testing

Test your email server by mailing it a copy of EICAR test virus (eicar.com)

The mail server should reject the message immediately.

See Also

  • ClamAV - The ClamAV anti-virus

  • Exim4 - The Exim mail server

categoryInternet

EximClamAV (last edited 2013-02-26 04:41:43 by 242)