There is no 'BEST WAY'. Your security policies generally define what to
do ....

First example:
If you DON'T WANT to DROP ANY infected mail, because you don't want to
miss the (IMO 'little') number of legitimate mails that were infected,
then you can process in any order you want, as the mail must pass all
tests to be scored and then finally, eventually,
dropped/bounced/delivered ...

Second example:
Assuming your security policy is to simply DROP any infected viruses,
why try to run any other test when you already know that the message is
infected?
So perform the scan, and if a virus is found, drop it, else pass to
spamassassin and other filters ...

A sample security policy we adopt in our company:
1- Test for SPF: if the source domain has no SPF record, go to the next
step, but if the source domain has an SPF record, go to the next step
only if the sender IP is ok, else drop.
2- Test for SMTP AUTH: if authenticated SMTP session, go directly to
test 5
3- Test for blacklists (drop if present, else go to next step)
4- Test for greylisting and go to next step if ok
5- Test for viruses: drop any infected mail without notifications to
sender and receiver (as we assume that actually 99% infected mails are
self generated, don't waste resources ...), else go to next step
6- Test for anti-spam and, depending on score, pass, bounce or drop

If spamassassin's first job is to scan for viruses, and, with a
selectable option, it can simply skip other tests if viruses are found,
then yes, only sending the mail to spamassassin is ok for us.
The question is: Can spamassassin run this way? I don't know yet (I'm
not a spamassassin expert ...)

Francis
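
The ordering in the sample policy above, written out as an added Python sketch (not part of the original message and not XMail or SpamAssassin code). The `Msg` fields, the score thresholds and the "defer" verdict for a failed greylisting check are assumptions made for illustration; the function also returns which checks actually ran, to show how early drops and the SMTP AUTH shortcut avoid the later, more expensive scans.

```python
from dataclasses import dataclass

@dataclass
class Msg:                      # hypothetical pre-computed check results
    spf: str = "none"           # "none" (no SPF record), "pass" or "fail"
    smtp_auth: bool = False     # authenticated SMTP session
    blacklisted: bool = False
    greylist_ok: bool = True
    infected: bool = False
    spam_score: float = 0.0

BOUNCE_AT, DROP_AT = 5.0, 10.0  # assumed thresholds, not from the message

def filter_mail(m):
    """Return (verdict, checks_run) using the six-step order of the policy."""
    ran = ["spf"]
    if m.spf == "fail":          # SPF record exists and sender IP is not ok
        return "drop", ran
    ran.append("auth")
    if not m.smtp_auth:          # authenticated sessions go directly to test 5
        ran.append("blacklist")
        if m.blacklisted:
            return "drop", ran
        ran.append("greylist")
        if not m.greylist_ok:
            return "defer", ran  # assumption: temporary rejection, retry later
    ran.append("virus")
    if m.infected:
        return "drop", ran       # dropped without notifying sender or receiver
    ran.append("spam")
    if m.spam_score >= DROP_AT:
        return "drop", ran
    if m.spam_score >= BOUNCE_AT:
        return "bounce", ran
    return "pass", ran

if __name__ == "__main__":
    samples = {                  # constructed sample messages
        "spf fail": Msg(spf="fail", infected=True),
        "auth user, infected": Msg(smtp_auth=True, infected=True),
        "blacklisted relay": Msg(spf="pass", blacklisted=True),
        "clean, spammy": Msg(spam_score=6.5),
    }
    for name, msg in samples.items():
        print(name, "->", filter_mail(msg))
```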


-----Original Message-----
From: Tony Wu [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 29, 2004 03:31
To: xmail@xmailserver.org
Subject: [xmail] Re: AV and SA


It is a question I have thought about for some time. Do you do AV first,
then SA, or SA first and then AV?

Tony


On Tue, 28 Dec 2004 17:21:14 -0600, Jason J. Ellingson
<[EMAIL PROTECTED]> wrote:
> *** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT ***
>