Documenting ClamAV on Fedora?
James Kosin
jkosin at beta.intcomgrp.com
Mon Apr 12 18:41:38 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ron Goulard wrote:
| On Mon, 2004-04-12 at 00:51, Chris Kloiber wrote:
|
|>On Mon, 2004-04-12 at 09:05, Alexander Dalloz wrote:
|
|
|>>define(`confINPUT_MAIL_FILTERS', `clamav')dnl
|>>
|>>That is no needed sendmail.mc entry. InputMailFilters is set up
|>>automatically in sendmail.cf, even if you use multiple milter
|>>applications. If used though "define" entries have to be placed at top
|>>of sendmail.mc, in front of FEATURE and INPUT_MAIL_FILTER entries. Last
|>>in front of the MAILER settings.
|
|
|>Is this somehow better than using procmail to call clamav-milter?
|
|
| What follows can be seen as purely a WildAssedGuess. I haven't been
| able to test or verify this. If I am wrong, then please simply ignore
| this post and I'll go sit in the corner with my dunce cap. There are
| others who can answer much more authoritatively than I.
|
| I've observed that by calling clamav-milter (or anything for that
| matter) via procmail, the entire message is accepted, with or without a
| virus, spooled to disk, etc., all the normal things, before the scan
| takes place.
|
| Here's the guessing part...
| Calling clamav-milter from sendmail.cf _appears_ to pick the virus
| signature out of the incoming data stream and close the connection when
| one is found, thereby eliminating the extra disk work.
|
| That may or may not be what's happening. It's simply my observation.
| Some could argue that it's a small distinction but on a heavily loaded,
| high volume server, it may make a difference.
|
|
Ron,
I can't verify procmail, but sendmail does as you say it cuts the email
off before getting fully sent. The user sending the email gets a
message something to the effect "Connection Denied: ClamAV detected a
virus." Sorry, don't remember the exact phasing and it has been a
little while since I checked. The maillog does get an entry about the
virus though. And the connection is terminated real-time (so to
speak)... Down side, the intended user never sees the email. Important
or not.
Up side, viruses don't get in....
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAeuLic7lFLjBWKW0RAu+qAJ43VGui2Xut5enzS4KdRUDvbgKaegCfS1FQ
F1D4NgADuvBISFCP14Rh20w=
=o858
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list