 |
|
|
Exiscan Clam Exim Autoinstaller
Last
Updated:
November 30, 1999
It is very important for this auto-installer that you have the "current release" of cPanel.
Before you run this script do the following.
1. Login to your server via SSH as root.
2. Type: /scripts/upcp
Installation of this script has failed due to a non-updated cPanel.
Once the above is done continue.
1. Since you are logged into your server as root you do not need to login again. If for some reason you have exited SSH login to your server via ssh as root now.
2. Type: wget -O exiscan-clam-exim-installer.tar.gz http://www.cpanelappz.com/download.php?file=2
The installer will reset and delete any existing mailscanner, and also delete any existing clamsca as clam even when compiled will not allow the newer version to overwrite.
3. Type: tar -xzvf exiscan-clam-exim-installer.tar.gz
4. Type: cd exiscan
5. Type: ./install
6. Login to WHM as root. (Sample: www.yourdomain.com/whm)
7. Open WHM Exim Editor
8. Switch to "advanced mode"
9. In the top box put this inside:
av_scanner = clamd:/var/run/clamav/clamd
10. Scroll down to the begin acl section. In the middle box, scroll to the last line:
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
accept
11. Now instead of the above lines, use this:
#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender
##### clamav ACL, reject virus infected mails with proper error
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a virus or other harmful content \
($malware_name)
demime = *
malware = *
deny message = Potentially executable content. If you meant to send this file \
then please package it up as a zip file and resend it.
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
# Add X-Scanned Header
warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
##### end clamav ACL
accept
Now you have added the ClamAV ACL which will reject e-mail incase a virus is found with the proper message and virus information. The last deny rule does the same work as antivirus.exim which is standard with cpanel, however the new rule will reject the mail at the MTA level and not allow your mailq to be clogged with bounced messages. (Thanks to webalizer, and rs-freddo)
How To Test Everything
1. Type: ail -f /var/log/exim_mainlog
2. Open your web browser and go to http://www.aleph-tec.com/eicar/index.php type a valid email id on your server. Select the check boxes below.
(P.S. Don't select the password protected zip box)
3. Click on Submit and watch your logs.(Mentioned above) You should see something like this below:
2004-05-23 03:24:21 1BReS3-0006ac-0P H=(callisto.your-site.com) [140.186.45.15] F=<> rejected after DATA:
This message contains a virus or other harmful content (Eicar-Test-Signature)
Its been tested on Fedora, RH 7.2, 7.3, RHEL + Stable Cpanel(thx to Rubas for testing), VPS on RHEL(thx to cbwass) . Incase it doesn't work on any other os just let me know i will see what i can do to help.
Post questions inside cpanel forums at
http://forums.cpanel.net/showthread.php?s=&threadid=24541
|
|
|
|
