This is a discussion on Re: migrating from clamav before mta to SA ClamAV plugin experiences - SpamAssassin ; On Mon, 23 Jul 2007 11:32:21 +0200, Matus UHLAR - fantomas wrote: >> >On 22.07.07 15:32, Robert - eLists wrote: >> >> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail >> >>=20 >> >> I can reject spam over a certain ...
On Mon, 23 Jul 2007 11:32:21 +0200, Matus UHLAR - fantomas
>> >On 22.07.07 15:32, Robert - eLists wrote:
>> >> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
>> >> I can reject spam over a certain scoring threshold this way, yet I =
>> >> figured out a way to just reject email based upon having a virus =
>> >> per clamav.
>> On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
>> >what does clamav checking in that scanner do then? It should call =
>> >asap (before SA) and when a virus is found, the mail should be =
>> >rejected, the same way it's rejected when SA tells so.
>On 23.07.07 10:19, Nigel Frankcom wrote:
>> Umm, I may be missing the point here,
>you seem to be :-)
>> but SA doesn't bounce mail, it just scores it.
>however according to his informations, his qmail queue scanner rejects =
>mail if it's spam, but not if it's virus (which is sick and a bug imho)
>> Considering the time that can be taken up with various
>> scans it's not really feasible to hold open the smtp connection that
>should not be a problem if scaning does not count more than ~4 minutes
>(after 5 minutes many clients close connection and re-try, which results
>into a multiple mail delivery).
>> I use a simpler solution here. If you send an email that gets tagged
>> as a virus by any of the av scanners your IP address is put into a
>> blocklist for a set period. The thought behind this is that viruses
>> very rarely come in one at a time; if a host is infected it will send
>> again and again.
>this solution can be done as additional to , but imho should not be done
>instead of, virus checking.
Ahh - it's not unheard of for me to miss the salient points :-)
I don't think bouncing spam is such a good idea though, just my
opinion, but it rarely originates from wherever it *says* it
As far as AV scanning is concerned here, all mail that gets past the
mta gets checked. My mta does various blocks and greylistings based on
previous emails sent. This does throw up a very few fp's but in
several years of running clam and 5 years plus of running my other
virus scanners it's never happened with a virus. Still, never say
never, it's bound to bite me in the ass one day. :-)