*** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT *** I think it is a great idea. However, here is why I choose not to do it that way:
1) Only scans those messages under 250KB or whatever limit you set on SPAMC. This misses any potentially infected files a friend might send you in a larger attachment. 2) Resources used more. The message is now set to the SA box(es) regardless of potential infection status. And unless there is a quick abort available in SPAMD for an infected message, the email will get fully checked by all rules.... RBLs, SPF, etc... all completely unnecessary. 3) Can hurt BAYES/AWL databases... if the virus infected email is ever written with the REAL source email address (which nearly none do currently unless accidentally zipped into an attachment by an infected user), the databases will effectively blacklist that user. -- AWL is stored by IP subnet/email address pairs. And as a side note, hopefully you are using ClamD to scan those emails... much faster than serial execution checking. This is why I still stick to a policy of anti-virus scanners for viruses, and anti-spam scanners for spam messages... and checked in that order. AGAIN, just an opinion by me and is not to be considered fact, or even a qualified opinion. Plus, I reserve the right to change my mind. ------------------------------------------------------------ Jason J Ellingson Sr. Web Software Developer 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shiloh Jennings Sent: Tuesday, December 28, 2004 10:14 AM To: xmail@xmailserver.org Subject: [xmail] AV and SA Previously, I had been running ClamAV and SpamC on each of my email = servers. SpamD was running on a cluster of FreeBSD boxes. I had always wanted a solution to move ClamAV off of the email servers and onto the SA boxes. = I finally found a solution: http://wiki.apache.org/spamassassin/ClamAVPlugin We have been using that since it came out and it has been working flawlessly. Anybody running SA on a dedicated Linux or FreeBSD box = might want to consider running the ClamAV Pluggin for SA. The only tweak I = made was switching the CLAMAV score from 10 to 300. I let my customers set = their threshold as high as 100, and needed to make sure virus emails always = scored well beyond their threshold. Also, I made a Win32 compile of the spamc that shipped with SA3. I was = able to fully eliminate the need for CygWin on my Windows based XMail servers = by doing that in addition to moving ClamAV to the SA boxes. I simply ran = the SA installer on a Windows box that had VC5 installed in order to build = the native Win32 spamc.exe, but there are also ways to do it for free. If = you need to build spamc.exe for free, check out the following article: http://wiki.apache.org/spamassassin/BuildSpamcOnWindowsForFree Anyway, I figured I would pass this on in case any other hosts were = looking for similar solutions. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
