[PLUG] [baloo at ursine.ca: exim4: How to stop viruses at SMTP time]
Paul Johnson
baloo at ursine.ca
Fri Oct 17 08:19:02 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For those who don't have the time to read this now, or who want to
bookmark it, it's on my website. http://ursine.ca/~baloo/
The Virus Infected Blackhole List is dead, both mine and the one that
used to be vbl.messagelabs.com. So what's a postmaster to do?
This is my new solution to the Virus Infected Blackhole List. I got
tired of maintaining it. That's a damn good trick, since as of this
writing (10/17/2003), I have a crappy job watching a door 10 hours a
night, four nights a week, at a children's hospital and you *need*
something to keep your mind occupied and off the *increadably*
depressing surroundings.
Start off with exim4-daemon-heavy, clamav-daemon, and
clamav-freshclam. It's in sid. If you're using woody, go find a
backport, please do not pin, as this *will* break your system. Go
read the debian-user archives for why.
Get it working. If you successfully installed it, it's probably
working.
Edit /etc/exim4/conf.d/acl/40_exim4-config_check_data and add this
before the accept comment at the end.
# Deny viruses.
deny message = Message contains malware or a virus ($malware_name).
log_message = $sender_host_address tried sending $malware_name
demime = *
malware = *
Now, go edit /etc/exim4/conf.d/main/01_exim4-config_listmacros and add
this below the banner at the top.
av_scanner = clamd:/var/run/clamd.ctl
Restart exim4. Congratulations, you now bounce viruses at SMTP time.
- --
.''`. Paul Johnson <baloo at ursine.ca>
: :' :
`. `'` proud Debian admin and user
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/kAheUzgNqloQMwcRAg3NAKCoDixBjVKHKT0d3F/7i2hrOsY0EACdGs9l
iQRzy0DDwGJZzFMgNDq15nE=
=xXe9
-----END PGP SIGNATURE-----
More information about the PLUG
mailing list