It is a question I have been thinking about for some time.  Do you do AV
first, then SA, or SA first and then AV?

Tony


On Tue, 28 Dec 2004 17:21:14 -0600, Jason J. Ellingson
<[EMAIL PROTECTED]> wrote:
> *** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT ***
> 
> I think it is a great idea.  However, here is why I choose not to do it that
> way:
> 
> 1) Only scans those messages under 250KB or whatever limit you set on SPAMC.
> This misses any potentially infected files a friend might send you in a
> larger attachment.
> 
> 2) Resources used more.  The message is now sent to the SA box(es) regardless
> of potential infection status.  And unless there is a quick abort available
> in SPAMD for an infected message, the email will get fully checked by all
> rules.... RBLs, SPF, etc... all completely unnecessary.
> 
> 3) Can hurt BAYES/AWL databases... if the virus infected email is ever
> written with the REAL source email address (which nearly none do currently
> unless accidentally zipped into an attachment by an infected user), the
> databases will effectively blacklist that user.  -- AWL is stored by IP
> subnet/email address pairs.
> 
> And as a side note, hopefully you are using ClamD to scan those emails...
> much faster than serial execution checking.
> 
> This is why I still stick to a policy of anti-virus scanners for viruses,
> and anti-spam scanners for spam messages... and checked in that order.
> 
> AGAIN, just an opinion by me and is not to be considered fact, or even a
> qualified opinion.  Plus, I reserve the right to change my mind.
> ------------------------------------------------------------
> Jason J Ellingson
> Sr. Web Software Developer
> 
> 615.301.1682 : nashville
> 612.605.1132 : minneapolis
> 
> www.ellingson.com
> [EMAIL PROTECTED]
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Shiloh Jennings
> Sent: Tuesday, December 28, 2004 10:14 AM
> To: xmail@xmailserver.org
> Subject: [xmail] AV and SA
> 
> Previously, I had been running ClamAV and SpamC on each of my email servers.
> SpamD was running on a cluster of FreeBSD boxes.  I had always wanted a
> solution to move ClamAV off of the email servers and onto the SA boxes.  I
> finally found a solution:
> http://wiki.apache.org/spamassassin/ClamAVPlugin
> 
> We have been using that since it came out and it has been working
> flawlessly.  Anybody running SA on a dedicated Linux or FreeBSD box might
> want to consider running the ClamAV Plugin for SA.  The only tweak I made
> was switching the CLAMAV score from 10 to 300.  I let my customers set their
> threshold as high as 100, and needed to make sure virus emails always scored
> well beyond their threshold.
> 
> Also, I made a Win32 compile of the spamc that shipped with SA3.  I was able
> to fully eliminate the need for CygWin on my Windows based XMail servers by
> doing that in addition to moving ClamAV to the SA boxes.  I simply ran the
> SA installer on a Windows box that had VC5 installed in order to build the
> native Win32 spamc.exe, but there are also ways to do it for free.  If you
> need to build spamc.exe for free, check out the following article:
> http://wiki.apache.org/spamassassin/BuildSpamcOnWindowsForFree
> 
> Anyway, I figured I would pass this on in case any other hosts were looking
> for similar solutions.
> 
> -
> To unsubscribe from this list: send the line "unsubscribe xmail" in
> the body of a message to [EMAIL PROTECTED]
> For general help: send the line "help" in the body of a message to
> [EMAIL PROTECTED]
> 
> 
> 


-- 
My Blog - http://tony1986.blogspot.com/
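
The ordering argued for in the quoted reply (antivirus first on the whole message, then SpamAssassin only for clean mail under the spamc size limit), as an added example that is not part of the original thread. It assumes `clamdscan` and `spamc` are on PATH; the function name, the verdict strings and the `CLAM_CMD`, `SPAMC_CMD` and `SA_MAX_BYTES` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: AV first, then SA.
# Assumptions: clamdscan and spamc are installed; verdict names are made up here.
CLAM_CMD="${CLAM_CMD:-clamdscan}"
SPAMC_CMD="${SPAMC_CMD:-spamc}"
SA_MAX_BYTES="${SA_MAX_BYTES:-256000}"   # roughly the 250KB spamc limit from the thread

# filter_message FILE
# Prints one verdict: INFECTED, AV_ERROR, CLEAN_UNSCORED, SPAM or CLEAN.
filter_message() {
    msg="$1"

    # Step 1: virus-scan the whole message, whatever its size.
    # clamdscan exit codes: 0 = clean, 1 = virus found, anything else = error.
    rc=0
    "$CLAM_CMD" --no-summary - < "$msg" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) ;;                              # clean, carry on to the spam check
        1) echo INFECTED; return 0 ;;      # stop here: SA, Bayes and AWL never see it
        *) echo AV_ERROR; return 0 ;;      # scanner failure: do not treat as clean
    esac

    # Step 2: oversize mail skips SA, but it has already been virus-scanned.
    size=$(($(wc -c < "$msg")))
    if [ "$size" -gt "$SA_MAX_BYTES" ]; then
        echo CLEAN_UNSCORED
        return 0
    fi

    # Step 3: spam check. "spamc -c" exits 1 when the message is spam.
    rc=0
    "$SPAMC_CMD" -c < "$msg" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo CLEAN ;;
        1) echo SPAM ;;
        *) echo CLEAN_UNSCORED ;;          # SA unavailable: deliver unscored
    esac
}
```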