[PLUG] [baloo at ursine.ca: exim4: How to stop viruses at SMTP time]

Paul Johnson baloo at ursine.ca
Fri Oct 17 08:19:02 UTC 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For those who don't have the time to read this now, or who want to
bookmark it, it's on my website.  http://ursine.ca/~baloo/

The Virus Infected Blackhole List is dead, both mine and the one that
used to be vbl.messagelabs.com.  So what's a postmaster to do?

This is my new solution to the Virus Infected Blackhole List.  I got
tired of maintaining it.  That's a damn good trick, since as of this
writing (10/17/2003), I have a crappy job watching a door 10 hours a
night, four nights a week, at a children's hospital and you *need*
something to keep your mind occupied and off the *incredibly*
depressing surroundings.

Start off with exim4-daemon-heavy, clamav-daemon, and
clamav-freshclam.  It's in sid.  If you're using woody, go find a
backport, please do not pin, as this *will* break your system.  Go
read the debian-user archives for why.

Get it working.  If you successfully installed it, it's probably
working.

Edit /etc/exim4/conf.d/acl/40_exim4-config_check_data and add this
before the accept comment at the end.

  # Deny viruses.

  deny message = Message contains malware or a virus ($malware_name).
       log_message = $sender_host_address tried sending $malware_name
       demime = *
       malware = *

Now, go edit /etc/exim4/conf.d/main/01_exim4-config_listmacros and add
this below the banner at the top.

  av_scanner = clamd:/var/run/clamd.ctl

Restart exim4.  Congratulations, you now bounce viruses at SMTP time.

- -- 
 .''`.     Paul Johnson <baloo at ursine.ca>
: :'  :    
`. `'`     proud Debian admin and user
  `-  Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/kAheUzgNqloQMwcRAg3NAKCoDixBjVKHKT0d3F/7i2hrOsY0EACdGs9l
iQRzy0DDwGJZzFMgNDq15nE=
=xXe9
-----END PGP SIGNATURE-----
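
Added example, not part of the original post: a small Python check that submits the harmless EICAR test file over SMTP and reports whether the `deny` ACL above answers at the end of DATA. The host, port and addresses in the `__main__` block are assumptions; adjust them for your server.

```python
"""Added example: confirm the exim4 malware ACL fires at SMTP time (EICAR test)."""
import smtplib
import sys
from email.message import EmailMessage

# Harmless industry-standard EICAR test string, assembled from pieces so that
# this script is not itself flagged by an on-access scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" "$H+H*").encode("ascii")

# Fixed part of the text set by "deny message =" in the ACL from the post.
ACL_TEXT = "Message contains malware or a virus"


def build_test_message(sender, rcpt):
    """Build a MIME message carrying EICAR as an attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, "EICAR scanner test"
    msg.set_content("Scanner self-test; the attachment is the EICAR test file.")
    msg.add_attachment(EICAR, maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg


def check_smtp_time_rejection(host, port, sender, rcpt):
    """Return (verdict, code, text) for the server's reply to the end of DATA."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        try:
            smtp.send_message(build_test_message(sender, rcpt))
        except smtplib.SMTPDataError as exc:
            text = exc.smtp_error
            if isinstance(text, bytes):
                text = text.decode("utf-8", "replace")
            if 500 <= exc.smtp_code < 600 and ACL_TEXT in text:
                return "rejected", exc.smtp_code, text  # the malware ACL fired
            if 400 <= exc.smtp_code < 500:
                # Temporary failure: typically the scan itself could not run,
                # for example exim could not reach the clamd socket.
                return "deferred", exc.smtp_code, text
            return "other-error", exc.smtp_code, text
    return "accepted", 250, "message was accepted; the malware ACL did not fire"


if __name__ == "__main__":
    # Assumed values: exim4 listening on localhost:25 and a local postmaster mailbox.
    verdict, code, text = check_smtp_time_rejection(
        "localhost", 25, "postmaster@localhost", "postmaster@localhost")
    print(verdict, code, text)
    sys.exit(0 if verdict == "rejected" else 1)
```

A "rejected" verdict also leaves the `log_message` line from the ACL in exim's main log, which is a second place to confirm the scan ran.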



