ClamAV

clamav-unofficial-sigs
The default signatures of ClamAV are quite useless against the rapidly changing zip attachments you find in spam.

Fortunately Sanesecurity provide for free some hourly updated databases that will detect them. Getting them on your system is as simple as As the version in Debian is quite outdated, it tries by default to download some files that don't exist anymore. This is fixed by creating file

Integrate with Exim
You need to have Exim installed for this.

Permissions
The ClamAV daemon is running under user. We need to get this user access to the mail spool for the scan to be possible.

Exim setup
Create file  with the following content and append the following lines to   Finally restart Exim

Test
Testing anti-virus software is commonly done using EICAR anti malware testfile. Although this file is not a virus, it will be recognised by all major anti-virus programs. This allow to test them without risking infecting yourself.

To get the file, simply create a file with the following content You can then email this file to yourself. It must be blocked by Exim.

Check the content of  and   for any issue.