> >On 22.07.07 15:32, Robert - eLists wrote:
> >> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
> >>
> >> I can reject spam over a certain scoring threshold this way, yet I have not
> >> figured out a way to just reject email based upon having a virus signature
> >> per clamav.

> On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
> wrote:
> >what does clamav checking in that scanner do then? It should call clamdscan
> >asap (before SA) and when a virus is found, the mail should be imediately
> >rejected, the same way it's rejected when SA tells so.

On 23.07.07 10:19, Nigel Frankcom wrote:
> Umm, I may be missing the point here,

you seem to be :-)

> but SA doesn't bounce mail, it just scores it.

however according to his informations, his qmail queue scanner rejects the
mail if it's spam, but not if it's virus (which is sick and a bug imho)

> Considering the time that can be taken up with various
> scans it's not really feasible to hold open the smtp connection that
> long,

should not be a problem if scaning does not count more than ~4 minutes
(after 5 minutes many clients close connection and re-try, which results
into a multiple mail delivery).

> I use a simpler solution here. If you send an email that gets tagged
> as a virus by any of the av scanners your IP address is put into a
> blocklist for a set period. The thought behind this is that viruses
> very rarely come in one at a time; if a host is infected it will send
> again and again.

this solution can be done as additional to , but imho should not be done
instead of, virus checking.
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.