[Mimedefang] Clamav milter or call from MIMEDefang?
John Barton
jbarton at technicalworks.net
Thu Sep 23 21:14:05 EDT 2004
> On 23 Sep 2004 at 9:00, Matthew.van.Eerde at hbinc.com wrote:
>> If you want to save resources on your box, run clamav-milter FIRST.
>> This will save an expensive SpamAssassin call.
>
> How so? The default filter already avoids calling SA if the message
> has been marked for discard or rejection, which are the two most
> common dispositions for virus-bearing messages (the default filter
> discards them).
I havent researched it yet, I just assumed that I would be getting a
benefit from not tying up a slave, etc,., if the clamav milter could get
the viruses before they got to MD. I will test this over the weekend and
see what happens.
>> Consider using FEATURE(enhdnsbl) in sendmail to reject email from
>> blacklisted sources early.
>
> There are pros and cons. DNSBLs aren't nearly as accurate when used
> as single metrics for rejection, rather than being included in the SA
> score calculation. You end up with a lot more incorrectly rejected
> mail that way.
I would tend to disagree with this, I block email if it is coming from a
host listed in a few select lists such as spamhaus, and I never receive
complaints about false hits. I block almost 400,000 connections a day just
using this technique (across several servers). I think the key here is to
use lists that are responsible in how they list people, and make it
somewhat easy to get removed once the problem is fixed.
>> There is actually a good argument for running clamav-milter AND
>> calling clamav from MIMEDefang. clamav-milter and MIMEDefang
>> decompose the message differently, and MIMEDefang might feed a
>> MIME-part to clamav differently than clamav-milter would.
>
> That hasn't been true since the introduction of
> md_copy_orig_msg_to_work_dir in MD 2.42.
This would be backtracking for me anyway. I am looking to streamline
things, I dont want to scan every message 3 times with the same scanner..
--
John Barton
jbarton at technicalworks.net
More information about the MIMEDefang
mailing list