01de455cf9
I'm bumping PORTREVISION for this, because it allowed Mimail.C to slip through. :-( Submitted by: Phil White <exim@radagast.itmagic.ltd.uk>
46 lines
1.3 KiB
Text
46 lines
1.3 KiB
Text
The following steps will enable clamd malware scanning using exiscan ACLs.
|
|
It is important to follow them in sequence.
|
|
|
|
* Install security/clamav from the ports tree.
|
|
|
|
* Confirm that user clamav was added to the mail group in /etc/group.
|
|
|
|
* Confirm that /var/log/clamav and /var/run/clamav exist and are owned
|
|
by clamav:clamav.
|
|
|
|
* In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd
|
|
|
|
* Adjust the exiscan ACLs in Exim's configure file. Make sure you use
|
|
the demime option with the malware check, e.g.:
|
|
|
|
deny message = This message contains malware ($malware_name)
|
|
demime = *
|
|
malware = *
|
|
|
|
* Edit clamav.conf as follows:
|
|
|
|
LogFile /var/log/clamav/clamd.log
|
|
PidFile /var/run/clamav/clamd.pid
|
|
LocalSocket /var/run/clamav/clamd
|
|
User clamav
|
|
AllowSupplementaryGroups
|
|
ScanArchive
|
|
ScanMail
|
|
|
|
You may wish to make other changes as well.
|
|
|
|
* Make sure clamd_enable="YES" has been added to /etc/rc.conf; this is
|
|
required by the clamav port's startup script,
|
|
%%RC_DIR%%/clamd%%RC_SUFX%% .
|
|
|
|
* Run freshclam.
|
|
|
|
* Add a cron job that runs freshclam --daemon-notify --quiet at least
|
|
once a day.
|
|
|
|
* Start clamd with %%RC_DIR%%/clamd%%RC_SUFX%% start .
|
|
|
|
* Start Exim with %%RC_DIR%%/exim%%RC_SUFX%% start .
|
|
|
|
Sheldon Hearn <sheldonh@FreeBSD.org>
|
|
|