Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Sunday 12 October 2003 13:28, Paul Johnson wrote: This howto seems to assume Red Hat, and I've never used exiscan before. I tried to adapt, but doing so breaks exim. Is there a howto that doesn't assume a retarded (RPM-based) distro? It was really useful to me, I'm pretty sure my Exim config is OK after following this. However, I experience problems with clamd, what kind of problems do you have...? Perhaps we can help each other out... Cheers, Kjetil -- Kjetil Kjernsmo Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 08, 2003 at 08:14:34AM -0700, Steve Lamb wrote: On Wed, 8 Oct 2003 02:37:47 -0700 Paul Johnson [EMAIL PROTECTED] wrote: On Wed, Oct 08, 2003 at 02:12:41AM -0700, Steve Lamb wrote: There isn't, really. My approach was to try to create a new eval() test in SA which called clamav. I ended up installing exim4-daemon-heavy and using exiscan-acl (compiled into -heavy) to call clamav and left SA in the capable hands of sa-exim. Close enough. Got a howto? I found a pretty good how-to on-line with Google. Search on exiscan-acl clamav pdf. It should be the 2nd link. This howto seems to assume Red Hat, and I've never used exiscan before. I tried to adapt, but doing so breaks exim. Is there a howto that doesn't assume a retarded (RPM-based) distro? - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/iTrLUzgNqloQMwcRAjeDAKCSSWRYpoAsLbgb3GT43x8pcI4rcwCeOosa ZXB5P0CZC4ucVHsexD5jE4g= =J7WY -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Sun, Oct 12, 2003 at 04:28:12AM -0700, Paul Johnson wrote: This howto seems to assume Red Hat, and I've never used exiscan before. I tried to adapt, but doing so breaks exim. Is there a howto that doesn't assume a retarded (RPM-based) distro? Odd. The how-to was straight forward for me. The main use I had of it was putting the ACL lines into Exim. The rest was reading install clamav as aptitude install clamav and so on. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. ---+- signature.asc Description: Digital signature
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Wed, 8 Oct 2003 22:48:54 -0700 Paul Johnson [EMAIL PROTECTED] wrote: Yup, I found it. I like how KDE 3.2 finally has some kpdf integration. Question, though: Where do you get exiscan in debian form for exim4? It is compiled into exim4-daemon-heavy so just install that package. I think I had read somewhere that Andreas might eventually include exiscan-acl into exim4-daemon-light. I may be wrong on that regard. Personally after Swen and SoBig running -heavy with all its unused features is far preferable to having those additional messages in my users' inboxes. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. ---+- pgp0.pgp Description: PGP signature
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 08, 2003 at 11:09:25PM -0700, Steve Lamb wrote: It is compiled into exim4-daemon-heavy so just install that package. I think I had read somewhere that Andreas might eventually include exiscan-acl into exim4-daemon-light. I may be wrong on that regard. Personally after Swen and SoBig running -heavy with all its unused features is far preferable to having those additional messages in my users' inboxes. Blargh...duh...shoulda checked apt-cache before posting... Package: exim4-daemon-heavy ... This package features the exiscan-acl patch http://duncanthrax.net/exiscan-acl/ for integration of virus-scanners and spamassassin. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/hQDzUzgNqloQMwcRAmCXAKDIC8eygmFrAoVZ5Toq1dgAcrB6EACgyju5 dT2YQGMbyPYP84j3G+miiRI= =XzmO -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Oct 07, 2003 at 10:05:43PM +0200, Kjetil Kjernsmo wrote: Yeah, that's one option. I considered it, but the problem is, if you feed the learner with tons of similar viruses, how good will it be to kill spam...? Bayesian filtering goes on what *you* consider spam, not the traditional definition. Also, if you feed those to Vipul's Razor, what would it mean for Razor? Potentially, the virus infected messages get flagged as spam by razor, which isn't neccisarilly a Bad Thing. I'm working on it right now, actually. I have just upgraded my mail server to Exim4. I think I would recommend that to everyone. If you ask for help on the Exim users list about Exim 3, people don't remember what it was like running Exim 3 anymore, so you're quite lost... :-) Which is really strange, since it's the same MTA, just different layout of the configs which makes it easier to take advantage of the more advanced features. What I've done is to install exim4-daemon-heavy and clamav-daemon, then have a DATA ACL reject certain executables, then pass it to clamd if that didn't do the trick. They are rejected in the SMTP dialogue, if I got this right (somebody correct me if I'm wrong, ASAP :-) ), so the bounce doesn't hit an innocent bystander. I wouldn't reject arbitrarily on filenames but the rest sounds good. Before I run along to the sa-exim mailing list, has anybody here got it working? I've been curious on how to tie in virus scanning to sa-exim as well, post it to this list if you figure it out. - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/g8m7UzgNqloQMwcRAsRkAJ9vVB0bDk0uHFvEHs5XCJu0IsXIrwCgqC3+ BNaxJmQRi1MmAmthGgoDHOo= =PREa -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Wed, 8 Oct 2003 01:24:27 -0700 Paul Johnson [EMAIL PROTECTED] wrote: I've been curious on how to tie in virus scanning to sa-exim as well, post it to this list if you figure it out. There isn't, really. My approach was to try to create a new eval() test in SA which called clamav. I ended up installing exim4-daemon-heavy and using exiscan-acl (compiled into -heavy) to call clamav and left SA in the capable hands of sa-exim. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. ---+- pgp0.pgp Description: PGP signature
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 08, 2003 at 02:12:41AM -0700, Steve Lamb wrote: On Wed, 8 Oct 2003 01:24:27 -0700 Paul Johnson [EMAIL PROTECTED] wrote: I've been curious on how to tie in virus scanning to sa-exim as well, post it to this list if you figure it out. There isn't, really. My approach was to try to create a new eval() test in SA which called clamav. I ended up installing exim4-daemon-heavy and using exiscan-acl (compiled into -heavy) to call clamav and left SA in the capable hands of sa-exim. Close enough. Got a howto? - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/g9rrUzgNqloQMwcRAp9pAKCA8JwsmnbXWKGR8AfifermJBBcbQCfZ/Zz 1iCgFZdyXlIvJo20FTD4vMA= =hKyf -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Wed, 8 Oct 2003 02:37:47 -0700 Paul Johnson [EMAIL PROTECTED] wrote: On Wed, Oct 08, 2003 at 02:12:41AM -0700, Steve Lamb wrote: There isn't, really. My approach was to try to create a new eval() test in SA which called clamav. I ended up installing exim4-daemon-heavy and using exiscan-acl (compiled into -heavy) to call clamav and left SA in the capable hands of sa-exim. Close enough. Got a howto? I found a pretty good how-to on-line with Google. Search on exiscan-acl clamav pdf. It should be the 2nd link. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. ---+- pgp0.pgp Description: PGP signature
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 08, 2003 at 08:14:34AM -0700, Steve Lamb wrote: Close enough. Got a howto? I found a pretty good how-to on-line with Google. Search on exiscan-acl clamav pdf. It should be the 2nd link. Yup, I found it. I like how KDE 3.2 finally has some kpdf integration. Question, though: Where do you get exiscan in debian form for exim4? - -- .''`. Paul Johnson [EMAIL PROTECTED] : :' : `. `'` proud Debian admin and user `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/hPbGUzgNqloQMwcRAg0vAKCVcUfIDaTqRXk2+r+IxVlJtH8bQwCgqGAc jvw0IXuhqs1yxICJG+ye8lo= =73bp -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Tue, 7 Oct 2003 22:05:43 +0200 Kjetil Kjernsmo [EMAIL PROTECTED] wrote: Yeah, that's one option. I considered it, but the problem is, if you feed the learner with tons of similar viruses, how good will it be to kill spam...? Also, if you feed those to Vipul's Razor, what would it mean for Razor? People are already feeding it to Razor. With those considerations, I have opted to kill viruses first, then let SpamAssassin take care of the rest. This seems to be the preferred method. I've been working hard to get SA-Exim working on the top of this... SA-Exim is one of Marc Merlins beautiful hacks, to use SpamAssassin to reject spam at SMTP-time. It looks so simple; just install the .deb from What do you want to do? exiscan-acl can also query Spamassassin and reject at SMTP time. The main reason to go with sa-exim is to get the extra features it offers. Those features being saving the message easily, teergrubing and such. If you have no need of those features then there's no need to install sa-exim. edit /etc/exim4/spamassassin.conf to enable it, then uncomment one line in /etc/exim4/conf.d/main/15_sa-exim_plugin_path rebuild the config file, and that, I thought, would do the trick But nothing happens. It doesn't enter the config file, but there is no error message... Before I run along to the sa-exim mailing list, has anybody here got it working? Yup, what do your logs say? -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. ---+- pgp0.pgp Description: PGP signature