On Thursday 22 October 2015 12:54:13 Patrick von der Hagen wrote: > > You can confirm that by looking at the log. Just identify the message > you are concerned about and look for an entry like > > /var/spool/exim/scan/1ZpBsO-000EWL-Pv/1ZpBsO-000EWL-Pv.eml: OK in the > clamav logs. > > But your configuration looks ok (though I don't understand the > greylisting part in a data-acl, since greylisting triggers before data > is executed. >
I have found one problem. I have been using mutt under a normal user on the EXIM server to send the test emails. This was because when I tried sending from my workstation, the firewall got in the way and cleaned the email first. For some reason, even though mutt was on the server, the emails still went through the firewall and was still getting cleaned. Once I forced mutt to deliver to 127.0.0.1 EXIM / Clamd then saw and blocked the email as it should have. > > I am testing with eicar and they are getting delivered. I am doing this > > using: > > > > [gary@ollie2 ~]$ echo test|mutt [email protected] -a eicar.txt -s "EICAR > > TEST" > > what about "clamdscan eicar.txt"? Does clamd work if exim is not > involved? I suppose Jeremys concern is that clamav might run without a > singature database (or a broken one) and that's my concern as well. > Both clam and Kaspersky detected the file eicar.txt when called from the command line. This means that clamav and EXIM are actually working correctly together, but are not stopping the live virus emails from getting through. I am going to have another go at getting Kaspersky to work to see if that works better. My plan is to use the syntax shown in the EXIM docs to call both anti-virus tasks once I know they both work individually -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
