I have installed SB 3 with my setup and it is working well with the exim editor.
However, how is clam invoked? In my previous exim, it was invoked via exiscan. What's the difference here? What am I failing to understand?

ClamAV is used by the [b]check_message{/b] acl:
# ACL that is used after the DATA command
check_message:
# accept without checking if in skip_av_domains
accept condition =${if and {{def:acl_m0}{def:acl_m0}} {true}{false}}

deny message = This message contains malformed MIME ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}

deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = *

deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
demime = bat:com:pif:prf:scr:vbs
It's defined by one of these lines:
# av_scanner = clamd:/var/run/clamav/clamd
# av_scanner = clamd:/tmp/clamd
In the beta version only one of these lines is included and you may need to change it depending on how you installed ClamAV. In the final versions both lines will be included as above and you'll have to uncomment the right one for your system.

Here's an example of a log entry in one of our systems using SpamBlocker3:
2007-01-25 19:25:39 1HAHic-0007Wg-Sf H=(PAULO) [84.5.87.96] F=<refid753025762551582ib@53.com> rejected after DATA: This messagecontains a virus or other harmful content (HTML.Phishing.Bank-627)
Jeff

Thanks Jeff,
I see it in the logs. Why this approach as opposed to Exiscan?

Because it's all built in to exim and doesn't require external software.

Jeff

I thought exiscan was part of exim.

Then perhaps it's built in and I'm already using it but don't know it :) ?

Do you have any calls to exiscan in your exim.conf file? I don't.

Jeff