Exiscan-ACL plugs into a number of different virus scanners directly, or any other scanner that can be run from the command line via its cmdline backend.
To use this feature, the main section of your Exim configuration file must specify which virus scanner to use, along with any options you wish to pass to that scanner. The basic syntax is:
av_scanner = scanner-type:option1:option:...
av_scanner = sophie:/var/run/sophie av_scanner = kavdaemon:/opt/AVP/AvpCtl av_scanner = clamd:127.0.0.1 1234 av_scanner = clamd:/opt/clamd/socket av_scanner = cmdline:/path/to/sweep -all -rec -archive %s:found:'(.+)' ...
In the DATA ACL, you then want to use the malware condition to perform the actual scanning:
deny message = This message contains a virus ($malware_name) demime = * malware = */defer_ok
The included file exiscan-acl-spec.txt contains full usage information.