The way I look at it, it does not matter. My only concern is to move = the AV and SA stuff off of the email servers and onto its own cluster of boxes. Once AV and SA are on their own cluster of boxes, there is no limit to = how much hardware I can dedicate to AV and SA. =20
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Tony Wu Sent: Tuesday, December 28, 2004 8:31 PM To: xmail@xmailserver.org Subject: [xmail] Re: AV and SA It is a question I think for some time. Do you do AV first, then SA, or SA first and then AV?? Tony On Tue, 28 Dec 2004 17:21:14 -0600, Jason J. Ellingson <[EMAIL PROTECTED]> wrote: > *** JUST AN OPINION - PLEASE TAKE WITH A GRAIN OF SALT *** >=20 > I think it is a great idea. However, here is why I choose not to do = it that > way: >=20 > 1) Only scans those messages under 250KB or whatever limit you set on SPAMC. > This misses any potentially infected files a friend might send you in = a > larger attachment. >=20 > 2) Resources used more. The message is now set to the SA box(es) regardless > of potential infection status. And unless there is a quick abort available > in SPAMD for an infected message, the email will get fully checked by = all > rules.... RBLs, SPF, etc... all completely unnecessary. >=20 > 3) Can hurt BAYES/AWL databases... if the virus infected email is ever > written with the REAL source email address (which nearly none do = currently > unless accidentally zipped into an attachment by an infected user), = the > databases will effectively blacklist that user. -- AWL is stored by = IP > subnet/email address pairs. >=20 > And as a side note, hopefully you are using ClamD to scan those = emails... > much faster than serial execution checking. >=20 > This is why I still stick to a policy of anti-virus scanners for = viruses, > and anti-spam scanners for spam messages... and checked in that order. >=20 > AGAIN, just an opinion by me and is not to be considered fact, or even = a > qualified opinion. Plus, I reserve the right to change my mind. > ------------------------------------------------------------ > Jason J Ellingson > Sr. Web Software Developer >=20 > 615.301.1682 : nashville > 612.605.1132 : minneapolis >=20 > www.ellingson.com > [EMAIL PROTECTED] >=20 > -----Original Message----- > From: [EMAIL PROTECTED] = [mailto:[EMAIL PROTECTED] On > Behalf Of Shiloh Jennings > Sent: Tuesday, December 28, 2004 10:14 AM > To: xmail@xmailserver.org > Subject: [xmail] AV and SA >=20 > Previously, I had been running ClamAV and SpamC on each of my email = =3D > servers. > SpamD was running on a cluster of FreeBSD boxes. I had always wanted = a > solution to move ClamAV off of the email servers and onto the SA = boxes. =3D > I > finally found a solution: > http://wiki.apache.org/spamassassin/ClamAVPlugin >=20 > We have been using that since it came out and it has been working > flawlessly. Anybody running SA on a dedicated Linux or FreeBSD box = =3D > might > want to consider running the ClamAV Pluggin for SA. The only tweak I = =3D > made > was switching the CLAMAV score from 10 to 300. I let my customers set = =3D > their > threshold as high as 100, and needed to make sure virus emails always = =3D > scored > well beyond their threshold. >=20 > Also, I made a Win32 compile of the spamc that shipped with SA3. I = was =3D > able > to fully eliminate the need for CygWin on my Windows based XMail = servers =3D > by > doing that in addition to moving ClamAV to the SA boxes. I simply ran = =3D > the > SA installer on a Windows box that had VC5 installed in order to build = =3D > the > native Win32 spamc.exe, but there are also ways to do it for free. If = =3D > you > need to build spamc.exe for free, check out the following article: > http://wiki.apache.org/spamassassin/BuildSpamcOnWindowsForFree >=20 > Anyway, I figured I would pass this on in case any other hosts were = =3D > looking > for similar solutions. >=20 > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] >=20 > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] >=20 >=20 --=20 My Blog - http://tony1986.blogspot.com/ - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
