Debian Exim4 mail server with Clamav support.

Debian_Mail_Server_with_Anti-Virus.md

Environment

• Debian: Jessie
• Mail Server: Exim
• Anti-Virus: Clamav

Install packages

1. apt-get install clamav clamav-daemon exim4-daemon-heavy

Configuration of Clamav

1. adduser clamav Debian-exim
2. Modify /etc/clamav/clamd.conf (<0.99.2)
   • AllowSupplementaryGroups true
3. service clamav-daemon restart

Configuration of Exim4

1. dpkg-reconfigure exim4-config
   • Set config to split
2. Modify /etc/exim4/conf.d/main/02_exim4-config_options
   • Uncomment av_scanner = clamd:/var/run/clamav/clamd.ctl
3. Modify /etc/exim4/conf.d/acl/40_exim4-config_check_data
   • Uncomment

       deny
         malware = *
         message = This message was detected as possible malware ($malware_name).
     

4. chmod -Rf g+w /var/spool/exim4
5. chmod -Rf g+s /var/spool/exim4
6. service exim4 restart

Test with exim4 command

1. wget -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt
2. exim4 -bmalware /tmp/eicar.com.txt

Test Environment (SMTP Protocol)

1. telnet localhost 25
2. helo localhost
3. mail from: <[email protected]>
4. rcpt to: <user@localhost>
5. data
6. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
7. .
8. The SMTP server will send a message about detected malware.

Reference

• http://hswong3i.net/blog/hswong3i/exim4-clamav-spamassassin-greylistd-debian-etch-mini-howto
• http://michaelfranzl.com/2013/09/07/setting-up-exim4-mail-transfer-agent-with-spam-filtering-greylisting-and-anti-virus/
• http://www.eicar.org/85-0-Download.html
• https://help.ubuntu.com/community/EximClamAV
• https://technet.microsoft.com/zh-tw/library/aa995718%28v=exchg.65%29.aspx
• https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html

Yeah, it was removed in/around: https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html

I think that the (<0.99.2) thing hints that it's only when clamav is older than that...