Clamav


Since we're running exim, we can install and configure clamav for virus and malware scanning.


cd /usr/ports/security/clamav
make install


When installing, do not compile with the milter option. The install should add a clamav user/group and add the clamav user to the mail group - check this has been done. The installation creates rc startup scripts for the clamav and freshclam daemons - freshclam is used to keep our known virus database up to date. For these to take effect, edit /etc/rc.conf to include:


clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"


Start the daemons to check that they run OK:


/usr/local/etc/rc.d/clamav-clamd start
/usr/local/etc/rc.d/clamav-freshclam start


Some test files are provided in the port's work directory, and we can run a test scan against them:


clamdscan /usr/ports/security/clamav/work/clamav-0.90.1/test


The output from the above was:


/usr/ports/security/clamav/work/clamav-0.90.1/test/clam-v2.rar: ClamAV-Test-File FOUND
/usr/ports/security/clamav/work/clamav-0.90.1/test/clam-v3.rar: ClamAV-Test-File FOUND
/usr/ports/security/clamav/work/clamav-0.90.1/test/clam.exe: ClamAV-Test-File FOUND
/usr/ports/security/clamav/work/clamav-0.90.1/test/clam.zip: ClamAV-Test-File FOUND
/usr/ports/security/clamav/work/clamav-0.90.1/test/clam.exe.bz2: ClamAV-Test-File FOUND

----------- SCAN SUMMARY -----------
Infected files: 5
Time: 0.112 sec (0 m 0 s)


So far so good. Now, configure /etc/newsyslog.conf to rotate clamav logfiles:


/var/log/clamav/clamd.log 640 10000 * $M1D0 J
/var/log/clamav/freshclam.log 640 10000 * $M1D0 J


Edit the above options to your own taste.
To get it working with exim, edit /etc/exim.conf and look for the line starting


# Specify your host's canonical name here


Just before that add (the socket path must match the LocalSocket setting in clamd.conf):


av_scanner = clamd:/var/run/clamav/clamd


Also in the check_message acl, change:


check_message:
  accept


to


check_message:
  deny message = This message contains a virus or other malware ($malware_name)
       malware = *
  accept


Restart exim and we're done.
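To confirm that the socket named in av_scanner actually answers before trusting exim to use it, here is an added Python client (not part of the original page, and not exim's or clamav's own code) that speaks the clamd INSTREAM protocol to that socket; the socket path and the standard EICAR test string are the only assumptions.

```python
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd"  # same path as av_scanner above (assumed)


def instream_frames(data: bytes, chunk: int = 4096):
    """Frame data for clamd's INSTREAM command: a 4-byte big-endian
    length before each chunk, and a zero-length chunk to finish."""
    frames = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        frames.append(struct.pack(">I", len(piece)) + piece)
    frames.append(struct.pack(">I", 0))
    return frames


def parse_reply(reply: bytes):
    """Turn a clamd reply such as b'stream: Eicar-Test-Signature FOUND\\0'
    into (status, detail); status is FOUND, OK or ERROR."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    head, sep, tail = text.partition(": ")
    result = tail if sep else head
    if result.endswith(" FOUND"):
        return "FOUND", result[:-len(" FOUND")]
    if result == "OK":
        return "OK", None
    return "ERROR", result


def scan_bytes(data: bytes, sock_path: str = CLAMD_SOCKET):
    """Stream data to clamd over its unix socket and parse the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(10)
        s.connect(sock_path)
        for frame in instream_frames(data):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):  # z-commands end replies with NUL
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


# Harmless EICAR test string, split in two so this file is not itself flagged.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-"
         b"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

if __name__ == "__main__":
    # With clamd running and a current database this should report FOUND.
    print(scan_bytes(EICAR))
```

Run it as root or as a user allowed to connect to the socket; a connection error here means exim's av_scanner will fail the same way.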