Matias Lopez Bergero wrote:
> I'm also running clamav with clamav-milter, and I would like to hit the best performance, that's why I was asking for comments :)

MIMEDefang will tie into both SpamAssassin and ClamAV, plus any of a dozen other virus scanners, plus run its own tests. You can configure many different actions (reject, discard, quarantine, label) on just about any criteria you want. It's also *very* customizable -- if you can write it in Perl, you can run it through MIMEDefang!


For instance: AFAIK, there's no way for clamav-milter to handle some of the more obscure cases from testvirus.org. (I've been skimming a thread over on clamav-users.) There are a few testcases that don't actually include the EICAR string, but use tricky filenames like CLSIDs. Similarly, ClamAV won't detect viruses split up using message/partial (a gaping security hole with its own RFC), but MD blocks that type of message by default.

The configurability is nice, too. I have it set to discard known mass-mailing viruses (as detected by Clam), but quarantine/reject others in the unlikely event something has latched onto a legit message. Spam with an extremely high score is rejected and quarantined, but spam with a lower score is simply labeled. Various tests check for common forgeries before mail even gets to Clam or SA.

The company that maintains it also sells a commercial product, Can-It, which combines MIMEDefang with some additional features and an administration interface. I haven't tried it myself, but I've heard good things about it.

MIMEDefang: http://www.mimedefang.org/
Can-It: http://www.roaringpenguin.com/

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
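
The two cases mentioned in the message above (message/partial fragments and CLSID-style attachment names) can be flagged from MIME structure alone, with no signature match. The Python sketch below is an added example, not part of the original post and not MIMEDefang's own code; the function name, the sample messages and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_string

# Extension shaped like a CLSID: ".{8-4-4-4-12 hex digits}" at the end of the name.
CLSID_EXT = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\s*$", re.I)

def structural_findings(raw):
    """Return (reason, detail) pairs for MIME structures worth blocking."""
    findings = []
    for part in message_from_string(raw).walk():
        # A fragment cannot be scanned as a whole until it is reassembled.
        if part.get_content_type() == "message/partial":
            findings.append(("message/partial", str(part.get_param("id", "?"))))
        # get_filename() checks Content-Disposition, then Content-Type name=.
        name = part.get_filename()
        if name and CLSID_EXT.search(name):
            findings.append(("clsid-filename", name))
    return findings

# Constructed sample messages (not taken from testvirus.org or any real mail).
FRAGMENT = """From: a@example.org
To: b@example.org
MIME-Version: 1.0
Content-Type: message/partial; number=1; total=2; id="frag-1@example.org"

Content-Type: text/plain

first half of a larger message
"""

CLSID_ATTACHMENT = """From: a@example.org
To: b@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="readme.{00000000-0000-0000-0000-000000000000}"

constructed placeholder bytes
--b1--
"""

CLEAN = "From: a@example.org\nTo: b@example.org\nSubject: hi\n\nplain text only\n"

if __name__ == "__main__":
    for label, raw in (("fragment", FRAGMENT), ("clsid", CLSID_ATTACHMENT), ("clean", CLEAN)):
        print(label, structural_findings(raw))
```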
