Re: Documenting ClamAV on Fedora?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ron Goulard wrote:

| On Mon, 2004-04-12 at 00:51, Chris Kloiber wrote:
|
|>On Mon, 2004-04-12 at 09:05, Alexander Dalloz wrote:
|
|
|>>define(`confINPUT_MAIL_FILTERS', `clamav')dnl
|>>
|>>That is no needed sendmail.mc entry. InputMailFilters is set up
|>>automatically in sendmail.cf, even if you use multiple milter
|>>applications. If used though "define" entries have to be placed at top
|>>of sendmail.mc, in front of FEATURE and INPUT_MAIL_FILTER entries. Last
|>>in front of the MAILER settings.
|
|
|>Is this somehow better than using procmail to call clamav-milter?
|
|
| What follows can be seen as purely a WildAssedGuess.  I haven't been
| able to test or verify this.  If I am wrong, then please simply ignore
| this post and I'll go sit in the corner with my dunce cap.  There are
| others who can answer much more authoritatively than I.
|
| I've observed that by calling clamav-milter (or anything for that
| matter) via procmail, the entire message is accepted, with or without a
| virus, spooled to disk, etc., all the normal things, before the scan
| takes place.
|
| Here's the guessing part...
| Calling clamav-milter from sendmail.cf _appears_ to pick the virus
| signature out of the incoming data stream and close the connection when
| one is found, thereby eliminating the extra disk work.
|
| That may or may not be what's happening.  It's simply my observation.
| Some could argue that it's a small distinction but on a heavily loaded,
| high volume server, it may make a difference.
|
|
Ron,

I can't verify procmail, but sendmail does as you say it cuts the email
off before getting fully sent.  The user sending the email gets a
message something to the effect "Connection Denied: ClamAV detected a
virus."  Sorry, don't remember the exact phasing and it has been a
little while since I checked.  The maillog does get an entry about the
virus though.  And the connection is terminated real-time (so to
speak)...  Down side, the intended user never sees the email.  Important
or not.

Up side, viruses don't get in....

James

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAeuLic7lFLjBWKW0RAu+qAJ43VGui2Xut5enzS4KdRUDvbgKaegCfS1FQ
F1D4NgADuvBISFCP14Rh20w=
=o858
-----END PGP SIGNATURE-----



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux