After decryption virus check

2020-07-19 Thread Alex Bruce 
Hello

Correct me if I'm wrong but If I want to check an email for viruses (eg 
ClamAV milter) after a content filter (SMIME Decryption) then I should be 
using the "non_smtpd_milters" parameter to specify the milter?

This should apply after the email is decrypted in a similar way that 
OpenDKIM signature is applied after email is processed?

Cheers,

Alex Bruce

Re: clamav as a milter

2018-03-26 Thread Alex Bruce 
Thing is clamav-milter is a before-queue filter (used as milter in 
postfix) whereas ClamSMTP is after-queue filter (uses content filter in 
postfix)

These are fundamentally different ways of providing filtering in Postfix.

Before-Queue filtering can reject emails if they have a virus in the SMTP 
transaction (after DATA) whereas After-Queue cannot or should not without 
a bounce message (please no backscatter) so After-Queue should only 
quarantine or discard a virus email not reject/bounce.

Before-Queue requires more memory upfront to handle multiple connections 
as each connection is going to need realtime-access to clamav whereas 
After-Queue does not have such stringent requirements and can get away 
with lower memory as email can be processed slower but not perceived to be 
slower (as emails are accepted immediately but later discarded if virus 
etc).

See Pros and Cons of Before Queue -- 
http://www.postfix.org/SMTPD_PROXY_README.html

With clamav-milter it must wait for the milter to say virus or no virus 
before it can end the SMTP transaction which leads to potential 
performance issues if the mail server is not well speced for before-queue 
scanning but it has the advantage of rejecting mail in SMTP transaction.



From:   "André Rodier" 
To: postfix-users@postfix.org
Date:   27/03/2018 12:10 PM
Subject:Re: clamav as a milter
Sent by:owner-postfix-us...@postfix.org



On 26/03/18 23:35, Scott Kitterman wrote:
> On Monday, March 26, 2018 10:27:57 PM André Rodier wrote:
>> Hello all,
>>
>> Does anyone suffered performance loss when using clamav as a milter for
>> postfix?
>>
>> I would like to scan archives and emails with attachments. Is there any
>> other way to do than using a milter?
>>
>> Thanks for your advices.
> 
> I use http://thewalter.net/stef/software/clamsmtp/ - it hasn't been 
updated in 
> a long time, but it does what it needs to do.
> 
> Scott K
> 
Thank you.