On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
wrote:

>> > which MTA are you using? The clamav plugin should reject the e-mail =

the
>> > same way SA plugin does that (with much less CPU time spent)

>
>On 22.07.07 15:32, Robert - eLists wrote:
>> Uhlar

>
>... and I thought that spelling my surname in capitals would preserver =

from
>this title ...
>
>> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
>>=20
>> I can reject spam over a certain scoring threshold this way, yet I =

have not
>> figured out a way to just reject email based upon having a virus =

signature
>> per clamav.

>
>what does clamav checking in that scanner do then? It should call =

clamdscan
>asap (before SA) and when a virus is found, the mail should be =

imediately
>rejected, the same way it's rejected when SA tells so.


Umm, I may be missing the point here, but SA doesn't bounce mail, it
just scores it. Considering the time that can be taken up with various
scans it's not really feasible to hold open the smtp connection that
long, so even if it could, bouncing may well not work. You then hit
the problem that the chances of the sending address being legit are
pretty low. So some poor sod is going to cop umpteen gazzilion bounce
messages.

I use a simpler solution here. If you send an email that gets tagged
as a virus by any of the av scanners your IP address is put into a
blocklist for a set period. The thought behind this is that viruses
very rarely come in one at a time; if a host is infected it will send
again and again.

The blocking is done at MTA level.

HTH

Nigel