On Sep 6, 2006, at 2:44 PM, Todd Lyons wrote:
>> I do think that there is too much of a danger of denial of service
>> attacks or mail failure due to the milter crashing if you scan your
>> mail during the SMTP phase. I have regularly seen ISPs that can't
>> accept mail because of this problem. I would (at the risk of being
>> repetitive, as I have argued this before) therefore like to point out
>> the benefits of using a manager for clamav such as Amavis (which I
>> have never used) or MailScanner
> Ok, so instead of:
>
> sendmail -> clamav-milter -> clamd
>
> You propose:
>
> sendmail -> amavis-milter -> clamscan
>
> There's no advantage to amavis in this case, and it's actually worse
> if it's using clamscan since it has to load the virus database every
> time.
Only if amavis decides that it needs to pass the message through
virus scanning.
Most people configure amavis to look for and immediately reject a
wide range of email based on MIME content-types or the extensions of
file attachments without having to perform more expensive checking
like unpacking archives or passing them to external virus scanners
like ClamAV.
> I don't know how to configure amavis to *NOT* be run at SMTP phase.
One way would be to use another MTA like Postfix & its
"content_filter" mechanism. Or you could use sendmail in conjunction
with procmail as the LDA, and have a site-wide procmail config which
passes email intended for local delivery via amavis first.
>> (which I do use and highly recommend). This means that your MTA can
>> cope much better with a large peak of incoming mail and then let the
>> scanning manager take care of the virus scanning (as well as other
>> actions such as dealing with spam, complying with user policies etc)
>> offline.
> Sending bogus DSNs is not a good netizen.
True. But neither is dropping email on the floor without
notification. Amavis lets you control whether to reject, bounce,
discard, or quarantine email, and you can choose different behaviors
for spam, versus viral email, versus mail banned for bad headers or
bad attachments.
Of course, whether you can reject a message with a 5xx SMTP response
depends on whether you've hooked amavis into the MTA during the SMTP
phase; if you are doing scanning later, your choices are more limited
as a result.
--
-Chuck
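The two points Chuck makes above, that a content manager can dispose of a lot of mail on cheap MIME checks before any expensive unpacking or scanning, and that the available dispositions narrow once the message has left the SMTP transaction, are easy to show in code. The following is an added illustration written for this thread, not amavis or ClamAV code: the banned extension and content-type lists, the `scanner` callback and the sample messages are all constructed for the example. It walks the MIME parts with Python's standard `email` package, short-circuits on a banned attachment so the external scanner is never called, and picks a 5xx reject only when still at SMTP time, quarantining otherwise so that no DSN is generated towards a possibly forged envelope sender.

```python
"""Pre-scan triage in the spirit of a content manager such as amavis:
cheap MIME checks first, then (only if needed) the expensive scanner,
then a disposition that depends on where in the mail flow we sit."""
import os
from email.message import EmailMessage

# Constructed policy values for this example (assumption: not amavis's
# real default lists, just a plausible banned-attachment policy).
BANNED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js"}
BANNED_CONTENT_TYPES = {"application/x-msdownload",
                        "application/x-msdos-program"}


def cheap_checks(msg):
    """Walk the MIME parts and return a reason string if a cheap rule
    matches, else None.  Never opens archives or calls a scanner."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype in BANNED_CONTENT_TYPES:
            return f"banned content-type {ctype}"
        filename = part.get_filename()
        if filename:
            ext = os.path.splitext(filename)[1].lower()
            if ext in BANNED_EXTENSIONS:
                return f"banned attachment extension {ext} ({filename})"
    return None


def decide(msg, at_smtp_time, scanner=None):
    """Return (disposition, reason).

    at_smtp_time=True : still inside the SMTP transaction (milter or
                        proxy), so a 5xx reject is possible and the
                        sending MTA owns any notification.
    at_smtp_time=False: already accepted and queued; a reject is no
                        longer possible and bouncing would be backscatter
                        if the envelope sender is forged, so quarantine.
    scanner           : optional callable(bytes) -> name or None, the
                        expensive step (stands in for clamd here)."""
    reason = cheap_checks(msg)
    if reason is None and scanner is not None:
        found = scanner(msg.as_bytes())
        if found:
            reason = f"virus {found}"
    if reason is None:
        return ("DELIVER", None)
    return ("REJECT_5XX" if at_smtp_time else "QUARANTINE", reason)


def build_message(attachment_name=None, body="hello",
                  ctype=("application", "octet-stream")):
    """Construct a sample message (constructed test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment_name:
        maintype, subtype = ctype
        msg.add_attachment(b"\x00\x01constructed payload",
                           maintype=maintype, subtype=subtype,
                           filename=attachment_name)
    return msg


def demo():
    """Run the four cases and count how often the expensive scanner ran."""
    calls = []

    def scanner(raw):  # constructed stand-in for an external scanner
        calls.append(1)
        return "Constructed.Test" if b"CONSTRUCTED-TEST-MARKER" in raw else None

    results = {}
    exe = build_message("invoice.exe")
    results["exe_smtp"] = decide(exe, True, scanner)     # cheap reject
    results["exe_post"] = decide(exe, False, scanner)    # cheap quarantine
    clean = build_message("report.pdf", ctype=("application", "pdf"))
    results["clean"] = decide(clean, True, scanner)      # scanner runs
    infected = build_message(body="CONSTRUCTED-TEST-MARKER")
    results["infected_post"] = decide(infected, False, scanner)
    results["scanner_calls"] = len(calls)                # 2, not 4
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The scanner runs only twice for four messages because both `.exe` cases are settled by the extension rule; that is the saving the thread attributes to amavis over feeding every message straight to a scanner. The `at_smtp_time` flag is the other half of the argument: the same verdict maps to a 5xx reject in a milter setup, but to a quarantine in a post-queue (content_filter or procmail) setup, where rejecting is impossible and bouncing is the bogus-DSN behaviour Todd objects to.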
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html