Henrik K wrote:
> On Wed, Mar 12, 2008 at 11:16:32AM -0400, Randy Ramsdell wrote:
>
>> Henrik K wrote:
>>
>>> On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote:
>>>
>>>
>>>> You can use spamassassin and clamav with or without Amavis, but to
>>>> check the message, you must make a system wide change that will
>>>> affect every message. Bypassing file size limits with any of those
>>>> setups might not be an ideal solution. After a brief read on
>>>> Sanesecurity signatures, it appears that the size limits will still
>>>> come into the equation and again, a system wide setting change is
>>>> required.
>>>>
>>>>
>>> What are you talking about? I have no limits on size for ClamAV scans.
>>>
>>>
>>>

>> I am talking about message/attachment size limits or was that a
>> rhetorical question? You can set the size limit which I believe is
>> "StreamMaxLength." From the docs, this should be set to the mail server
>> size limit so maybe it isn't a factor. The addon for clamav does seem to
>> be interesting given this.
>>

>
> Ofcourse it's not a factor. StreamMaxLength is only applied when the clamd
> daemon is on a separate server. And even more, the default is 10MB which is
> more than enough for what we are talking about. I really doubt spammers
> would be sending _that_ big files.
>
>

I agreed that size does not matter. But I was mostly responding to
your statement "I have no limits on size for ClamAV scans," but there
are message size limits that can be set. So you do have limits.
> Just get the Sanesecurity signatures and be done with it, it will help a lot
> in any case. Maybe it has signatures for these "big" spams too. Also if you
> are using amavisd-new, you should set virus_name_to_spam_score_maps
> accordingly.
>
>

Just get "Sanesecurity signatures" even though it has nothing to do with
the large file attachments directly? I actually looked into this
technology because of the thread, but it doesn't help in my case.