-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ron Goulard wrote: | On Mon, 2004-04-12 at 00:51, Chris Kloiber wrote: | |>On Mon, 2004-04-12 at 09:05, Alexander Dalloz wrote: | | |>>define(`confINPUT_MAIL_FILTERS', `clamav')dnl |>> |>>That is no needed sendmail.mc entry. InputMailFilters is set up |>>automatically in sendmail.cf, even if you use multiple milter |>>applications. If used though "define" entries have to be placed at top |>>of sendmail.mc, in front of FEATURE and INPUT_MAIL_FILTER entries. Last |>>in front of the MAILER settings. | | |>Is this somehow better than using procmail to call clamav-milter? | | | What follows can be seen as purely a WildAssedGuess. I haven't been | able to test or verify this. If I am wrong, then please simply ignore | this post and I'll go sit in the corner with my dunce cap. There are | others who can answer much more authoritatively than I. | | I've observed that by calling clamav-milter (or anything for that | matter) via procmail, the entire message is accepted, with or without a | virus, spooled to disk, etc., all the normal things, before the scan | takes place. | | Here's the guessing part... | Calling clamav-milter from sendmail.cf _appears_ to pick the virus | signature out of the incoming data stream and close the connection when | one is found, thereby eliminating the extra disk work. | | That may or may not be what's happening. It's simply my observation. | Some could argue that it's a small distinction but on a heavily loaded, | high volume server, it may make a difference. | | Ron, I can't verify procmail, but sendmail does as you say it cuts the email off before getting fully sent. The user sending the email gets a message something to the effect "Connection Denied: ClamAV detected a virus." Sorry, don't remember the exact phasing and it has been a little while since I checked. The maillog does get an entry about the virus though. And the connection is terminated real-time (so to speak)... Down side, the intended user never sees the email. Important or not. Up side, viruses don't get in.... James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAeuLic7lFLjBWKW0RAu+qAJ43VGui2Xut5enzS4KdRUDvbgKaegCfS1FQ F1D4NgADuvBISFCP14Rh20w= =o858 -----END PGP SIGNATURE-----
