[Mimedefang] Clamav milter or call from MIMEDefang?
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Thu Sep 23 12:00:28 EDT 2004
John Barton wrote:
> I thought I saw this on the list a while ago, but cant seem to find
> anything in the archives. Is there any advantage to running clamav
> milter first, and then only run MD on messages that get past the virus
> scanner? Any help is appreciated,
> -John
It depends. Scroll to the end for the short answer.
If you want to feed viral emails to DCC/Razor/Pyzor/Bayes/etc., then run clamav-milter AFTER MIMEDefang or spamass-milter. (put the INPUT_MAIL_FILTER line for clamav-milter after the MIMEDefang line in your .mc file.) You'll be a good internet citizen and might improve the global DCC/Razor/Pyzor databases. You might stumble upon a Bayesian commonality between viruses, too.
If you want to save resources on your box, run clamav-milter FIRST. This will save an expensive SpamAssassin call. There is debate over whether using spamc/spamd will better leverage the savings thus afforded.
Consider using FEATURE(enhdnsbl) in sendmail to reject email from blacklisted sources early. For good email, sendmail's DNS lookup will return "not found" - this non-find should be cached if the DNS server you're using is at all sensible, so the SpamAssassin DNS lookup will be cheap.
There is actually a good argument for running clamav-milter AND calling clamav from MIMEDefang. clamav-milter and MIMEDefang decompose the message differently, and MIMEDefang might feed a MIME-part to clamav differently than clamav-milter would. This might catch a virus that would otherwise slip by. (clamav-milter might catch a virus that MIMEDefang would miss, and vice versa.)
For the super-paranoid:
1) Run clamav-milter first
2) In MIMEDefang, run the clamav virus check
3) Run clamav-milter AGAIN in case MIMEDefang rebuilt the email
My personal view: run clamav-milter first, MIMEDefang second (jury still out on spamc/spamd)
Matthew.van.Eerde at hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
More information about the MIMEDefang
mailing list