Exim Filtering for spammers Print


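Open the Exim system filter file in an editor, for example:
pico /etc/antivirus.exim
Insert the rules below, then check the file with Exim's filter test mode (exim -bF /etc/antivirus.exim < sample-message, where sample-message is a test e-mail you supply) before relying on it: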

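# START
# Section 1: applies to all incoming and outgoing mail.
# A message whose subject or body matches any rule below is logged and then
# marked as handled ("seen finish"), so it is dropped without a bounce.
#
# NOTE(review): lower-case "contains" compares case-insensitively, so one
# entry per keyword is enough ("Viagra" also covers "viagra").
# NOTE(review): $message_body holds only the first part of the body (the
# limit is the message_body_visible main option), so keywords further down
# a long message are not seen by these rules.
# NOTE(review): broad keywords such as "winner", and the unanchored "asu"
# alternative in the second regex (it also matches inside "casual" or
# "measure"), will silently drop legitimate mail. Review the log regularly
# and prune the list.
# NOTE(review): in the "angka" regex the bracketed list is a character
# class, not an alternation of TLDs, so it matches far more than a domain
# name. It is kept as published; confirm the intent before tightening it.
# NOTE(review): the log is created world-readable (0644) and records sender
# addresses; use a tighter mode if local users must not read it.
logfile /var/log/filter.log 0644
## Common Spam
if
# Header Spam
    $header_subject: contains "Pharmaceutical" or
    $header_subject: contains "Viagra" or
    $header_subject: contains "winner" or
    $header_subject: contains "casino" or
    $header_subject: contains "Cialis" or
    $header_subject: is "The Ultimate Online Pharmaceutical" or
    $header_subject: contains "***SPAM***" or
    $header_subject: contains "[SPAM]" or
    $header_subject: contains "{Definitely Spam?}" or
# Body Spam
    $message_body contains "Cialis" or
    $message_body contains "Viagra" or
    $message_body contains "Leavitra" or
    $message_body contains "St0ck" or
    $message_body contains "Viaagrra" or
    $message_body contains "Cia1iis" or
    $message_body contains "URGENT BUSINESS PROPOSAL" or
    $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?" or
    $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen(i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok" or
    $message_body contains "click here if you"
then
    # Optional rejection notice, left disabled: a "fail" sends a response
    # back to the sender, which for spam usually means backscatter to a
    # forged address, fail loops and extra work for the mail system.
    # fail text "Message has been rejected because it has triggered our central filter."
    logwrite "$tod_log $message_id from $sender_address contained spam keywords"
    seen finish
endif
# END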
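# START
# Section 2: outgoing mail only, i.e. mail submitted on this server.
# ## FINANCIAL FAKE SENDERS
# A message submitted locally or by an authenticated client whose From:
# header claims one of the domains below is treated as phishing sent from
# this server: it is logged and then marked as handled ("seen finish"), so
# it is dropped without a bounce.
#
# The original author notes that forwarders keep working with this rule.
#
# The protocol test also covers "esmtpsa" (authenticated over TLS) and
# "asmtp" (authenticated without EHLO); with only "esmtpa" listed, an
# authenticated client that uses TLS would not be checked at all.
# NOTE(review): "contains" is a substring test on the whole From: header,
# so it also matches these strings inside a display name or a longer domain.
# NOTE(review): the log is created world-readable (0644) and records sender
# addresses; use a tighter mode if local users must not read it.
logfile /var/log/filter.log 0644
if (
        $received_protocol is "local" or
        $received_protocol is "esmtpa" or
        $received_protocol is "esmtpsa" or
        $received_protocol is "asmtp"
   ) and (
        $header_from contains "@citibank.com" or
        $header_from contains "@iausp.com" or
        $header_from contains "@bankofamerica.com" or
        $header_from contains "@wamu.com" or
        $header_from contains "@ebay.com" or
        $header_from contains "@chase.com" or
        $header_from contains "@wellsfargo.com" or
        $header_from contains "@bankunited.com" or
        $header_from contains "@bankerstrust.com" or
        $header_from contains "@bankfirst.com" or
        $header_from contains "@capitalone.com" or
        $header_from contains "@citizensbank.com" or
        $header_from contains "@jpmorgan.com" or
        $header_from contains "@wachovia.com" or
        $header_from contains "@bankone.com" or
        $header_from contains "@suntrust.com" or
        $header_from contains "@amazon.com" or
        $header_from contains "@banksecurity.com" or
        $header_from contains "@visa.com" or
        $header_from contains "@mastercard.com" or
        $header_from contains "@mbna.com" or
        $header_from contains "@wintergreen.co.za"
   ) then
    logwrite "$tod_log $message_id from $sender_address is fraud"
    seen finish
endif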
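## OTHER FAKE SENDERS SPAM
## Outgoing mail only: drops mail submitted locally or over authenticated
## ESMTP whose From: header uses a public webmail domain.
## The original author does not recommend this rule, because users do send
## with From: addresses that are not hosted on the server.
## NOTE(review): the rule is nevertheless active as published; comment out
## the whole if/endif below unless you really want this behaviour, since
## matching mail is dropped without a bounce.
## NOTE(review): only "local" and "esmtpa" are tested, so authenticated
## submissions over TLS ("esmtpsa") are not covered by this rule.
## NOTE(review): the log is created world-readable (0644) and records sender
## addresses; use a tighter mode if local users must not read it.
logfile /var/log/filter.log 0644
if (
        $received_protocol is "local" or
        $received_protocol is "esmtpa"
   ) and (
        $header_from contains "@hotmail.com" or
        $header_from contains "@yahoo.com" or
        $header_from contains "@aol.com"
   ) then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
endif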
