On Mon, 2004-04-12 at 14:26, Ron Goulard wrote: > On Mon, 2004-04-12 at 00:51, Chris Kloiber wrote: > > On Mon, 2004-04-12 at 09:05, Alexander Dalloz wrote: > > > > define(`confINPUT_MAIL_FILTERS', `clamav')dnl > > > > > > That is no needed sendmail.mc entry. InputMailFilters is set up > > > automatically in sendmail.cf, even if you use multiple milter > > > applications. If used though "define" entries have to be placed at top > > > of sendmail.mc, in front of FEATURE and INPUT_MAIL_FILTER entries. Last > > > in front of the MAILER settings. > > > > > Is this somehow better than using procmail to call clamav-milter? > > What follows can be seen as purely a WildAssedGuess. I haven't been > able to test or verify this. If I am wrong, then please simply ignore > this post and I'll go sit in the corner with my dunce cap. There are > others who can answer much more authoritatively than I. > > I've observed that by calling clamav-milter (or anything for that > matter) via procmail, the entire message is accepted, with or without a > virus, spooled to disk, etc., all the normal things, before the scan > takes place. > > Here's the guessing part... > Calling clamav-milter from sendmail.cf _appears_ to pick the virus > signature out of the incoming data stream and close the connection when > one is found, thereby eliminating the extra disk work. > > That may or may not be what's happening. It's simply my observation. > Some could argue that it's a small distinction but on a heavily loaded, > high volume server, it may make a difference. Ah, ok, I may try it. My mail server (which was running clamav-0.67/clamav-milter out of procmail) just had the clamd croak hard last night, the service script could not restart it without manually removing /var/lock/subsys/clamd first. Not sure what happened, the log just started showing generic errors and then nothing. I have updated to the latest .70rc from their website in the meantime. -- Chris Kloiber, RHCX Red Hat, Inc.
