On Wed, Mar 12, 2008 at 11:16:32AM -0400, Randy Ramsdell wrote:
> Henrik K wrote:
>> On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
>>
>>> You can use spamassassin and clamav with or without Amavis, but to
>>> check the message, you must make a system wide change that will
>>> affect every message. Bypassing file size limits with any of those
>>> setups might not be an ideal solution. After a brief read on
>>> Sanesecurity signatures, it appears that the size limits will still
>>> come into the equation and again, a system wide setting change is
>>> required.
>>>

>>
>> What are you talking about? I have no limits on size for ClamAV scans.
>>
>>

> I am talking about message/attachment size limits or was that a
> rhetorical question? You can set the size limit which I believe is
> "StreamMaxLength." From the docs, this should be set to the mail server
> size limit so maybe it isn't a factor. The addon for clamav does seem to
> be interesting given this.


Ofcourse it's not a factor. StreamMaxLength is only applied when the clamd
daemon is on a separate server. And even more, the default is 10MB which is
more than enough for what we are talking about. I really doubt spammers
would be sending _that_ big files.

Just get the Sanesecurity signatures and be done with it, it will help a lot
in any case. Maybe it has signatures for these "big" spams too. Also if you
are using amavisd-new, you should set virus_name_to_spam_score_maps
accordingly.