[Mimedefang] Anti-virus software
Matthew Schumacher
matt.s at aptalaska.net
Wed Mar 2 18:00:13 EST 2005
Steven.Ellison at hardywines.com.au wrote:
> I must add, I have been using ClamAV on a mail gateway for 800 users and
> have found
> it very good. Stable while processing around 100,000 messages a month.
>
> We use this as a gateway to a Domino system with Symantec on the Domino
> servers.
> Not much gets through.
>
> We are using File:Scan as well.
>
>
I cannot say exactly how many users we have, but it's a LOT more than
800. Anyway, I have found that clamd works well, but clamav-milter has
given me problems on occasion. The most recent one was when I found
that sendmail runs into blocking issues when it is calling clamav-milter
over the inet socket, but seems to work perfectly when called over a
local unix socket.
As far as the updates go, I use slackware and maintain my own packages.
So when a new clamav comes out, I run my package builder script on my
build host, then copy the package to the production server. Once the
package is on the server, it's one command to install, and another to
restart clamd.
I should also note that running MD and clamd is better for security
anyway if you have md_copy_orig_msg_to_work_dir_as_mbox_file() in your
filter_begin() before the virus scanner is called. This is because the
message will be placed in the temp dir which will allow clamd's scanmail
interface to parse the message, even though mimedefang has already
broken out the mime parts. The idea is that two different mime parsers
read each message which would make it more difficult to hide a virus in
some broken mime.
schu
More information about the MIMEDefang
mailing list