Directadmin – block zip attachments with ClamAV and Exim

A lot of viruses and malware is sent in emails with zip attachments. Sometimes your antivirus like ClamAV wont catch nasty email. This is a big problem when you receiving tons of this kind of messages. So if you’re receiving tons of nasty emails containing zip attachments with viruses in it, good way to solve this is by simply reject emails with zip attachments. This was done on Directadmin server with Custombuild 2.0. Even if you’re not using Directadmin, configuration for ClamAV should be very identical.

  • If you built Exim and Clamav with Custombuild 2.0, than you should see this line in your /etc/exim.conf. Uncomment if it’s not already. If you’re using Custombuild 1.2, then this should be changed in /etc/exim.conf directly – settings in step 2 bellow.
    .include_if_exists /etc/exim.clamav.conf
  • Open file /etc/exim.clamav.conf and find word demime within that file. Then simply add zip to it. It should look like this:
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = *
    deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs:zip
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Now any email with zip attachment will be rejected. Sender will receive error message like this:

The error that the other server returned was: 
550 This message contains an attachment of a type which we do not accept (.zip)

© 2017
Hosted by Hosterdam

About author