BenDJ, > Just getting started -- and have settled on the fairly common > amavisd-new + spamassassin + clamav setup, with exim. > > My question is -- where best to 'put' clamav-based av scanning? > > spamassassin can integrate clamav scanning as a plugin, using > http://wiki.apache.org/spamassassin/ClamAVPlugin. > i, of course, understand that Amavis can directly interface to > clamav as well. > which approach is preferred, and/or what are the comparative > (dis)advantages?
The ClamAVPlugin works alright, but there is a fundamental drawback: mail messages above a certain size ($sa_mail_body_size_limit) are not passed to SpamAssassin - not by amavisd, not by spamc. (actually this is not entirely true: since amavisd 2.6.3 a truncated message is passed to SpamAssassin, cropped at the above size limit). So an infected large message may not be seen or recognized by ClamAVPlugin. Clamd nowadays is quite capable of decoding/decompressing mail archives. Still, amavisd offers a large set of decoders, which may help a virus scanner recognizing some malware. This only applies when a virus scanner is invoked directly from amavisd, not via SA. If a virus scanner called from amavisd detects malware, spam scanning is skipped entirely, which rules out a possibility that some whitelisting rule in SA would let it pass through. It also saves some spam scanning time on virus outbreaks, although this is not longer so important issue as it was in early days. One more argument: amavisd distinguishes between infection, spam, banned content, bad headers, etc. For each category one can specify different settings, like quarantining, pass/block, notifications, statistics. One may want to tag-and-pass spam but block viruses, or keep quarantined viruses separate from quarantined spam. You lose that ability when virus detection is left for SpamAssassin to do: viruses are just treated like spam in all respects. If already running amavisd, I don't see any reason not to call virus scanners directly from it - and I see a couple of reasons to the opposite. Mark ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
