Hi there,
On Fri, 19 Feb 2021, Joe Acquisto-j4 wrote:
On Thu, 18 Feb 2021, Joe Acquisto-j4 wrote:
Any pointers for using the ClamAVPlugin?
Could you flesh that out a bit?
Sorry I did not think to explain properly. Using Postfix and Spamassassinm
on an OpenSuse version ...
If you're using Postfix and SpamAssassin you have choices. Postfix
can use milters, so clamav-milter which comes with ClamAV might make
sense. There are similar approaches which can tie the MTA directly to
the scanner without using clamav-milter. In these cases, SpamAssassin
wouldn't need to be involved at all. But I believe SpamAssassin can
also filter mail via ClamAV, so that the MTA (Postfix) wouldn't even
know that ClamAV was involved and the SpamAssassin configuration could
decide what to do with the mail on the basis of the scan results. One
benefit of using SpamAssassin this way is that you can bring the virus
scanning into the SpamAssassin scoring system. (One drawback is that
you will then have virus scanning in the SpamAssassin scoring system.
It's a very long time since I used SpamAssassin, but others here will
probably have fresher recollections.)
Decided on ClamAV and after some fumbling had it working through use of
the ClamAVPlugin. At lesat an EICAR test email was flagged properly.
Now, it does not appear to work any longer ...
So basically, just want to tie ClavAV (using clamd) into PF/SA to scan and
flag incoming email. In a way that does not require I learn, or relearn
That last part bothers me a bit. I view my life with computers as a
state of continual learning. I can never get enough of it. I believe
in particular that if you're the only thing betwen your systems and
the Bad Guys and you stop learning, then you're heading for trouble
because the Bad Guys _never_ stop learning.
Aside, I did notice the "security issue" but, thought it minor, in my rather
isolated environment. Perhaps you feel it is a serious issue?
It depends on whether or not you think that not knowing that your mail
hasn't been scanned is a serious issue. All mail here is carefully
vetted, and we run no Windows boxes, so we use ClamAV mainly for spam
detection and reporting; we don't rely on ClamAV for security, so even
if mail didn't get scanned it probably wouldn't be a big deal. If you
have many and careless users, who rely on your mail server to protect
them from millions of Windows viruses, you may take a different view.
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
