Am Mo, den 12.04.2004 schrieb Chris Kloiber um 06:51:
> Is this somehow better than using procmail to call clamav-milter?
> Chris Kloiber, RHCX
Hi Chris,
calling an application for checking the transfered mail while still it
is streaming brings you the possibility to reject the mail already
during the DATA process which is in my opinion far better than to first
accept it in whole to pass it afterwards through a second application,
or even generate a bounce mail finally (which is at present worm mass
mail times a very bad habit).
I can not speak for clamav-milter how it handles the mail stream in case
clamav detects a virus/worm, but as Ron answered you already, that seems
to be the case.
If you like a less global action and more possibilities to handle the
mail stream I can highly recommend the Sendmail milter application
called MimeDefang (www.mimedefang.org). It is very professional and is
rich featured: it can handle multiple anti-virus scanners (like clamav,
f-prot, McAfee uvscan, ... [~17 types]) in parallel and with just little
Perl knowledge you can customize the default filter style, like if you
want whitelists for senders/recipients, how to handle the detection case
of virus/worms (quarantine or RFC conform rejection with an error code).
Conclusion: mail rejection in the middle of the mail transfer stream is
far better than to first get the whole stuff and then starting to check
and filter. Also from a legal point of view (at least here in Germany)
you are on the safer side to let the foreign MTA instantly know that you
do not accept his mail sending using an RFC conform error type than to
accept the mail in total with the task of needed recipient information
(maybe sender too).
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 17:33:31 up 24 days, 1:14, load average: 1.21, 1.25, 1.27
[ ÎÎÏÎÎ Ï'ÎÏÏÎÎ - gnothi seauton ]
my life is a planetarium - and you are the stars
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
