Quoting Jason Frisvold <[EMAIL PROTECTED]>: > How does everyone handle the clamav quarantine?
I run a cron job that deletes any directory more than 2 weeks old. If they haven't claimed their files in 2 weeks, their more-or-less out of luck (it's actually on the backup tapes after deletion, so it could be recovered still...). Normally that is fine, except during a big out break like now. Now I keep 2 days worth (which is about 0.5 GB to 1GB per day for my site), manually deleting them daily. Once the outbreak is over and the daily size drops back to about 20 MB rather than 1GB, I'll go back letting the cron job do its work. > I'm running clamav w/ > qmail-scanner and every virus laden email gets put into the quarantine > folder... Is it even worth it to quarantine at all? Yes. I've had some false positives end up there. Like when the corrupt zip code was first added I had some clean zip files get caught, etc. My user's get a notice that their file is quarantined and how to ask for it, so they can claim and false positives. It's a safety net I enjoy, except of course during major out breaks. It does pose a risk. My quarantine are is small enough that should a major outbreak like this happen while our admins are all out of the office and not checking our email for an extended period of time, it could fill up the disk and DoS us. So it is not without risks. But so far we've not had that happen. > I did look through the archives, but I didn't see anything about > this... So, if I overlooked something, I apologize. Well, this is an individual thing. Each admin has to decide for themselves what to do. Is the risk of losing false positives important? Is the risk of a DoS more important? etc. Your environment (gov, university, ISP, commerical company, etc) will help dictate your needs, and it varies between groups/industries. > Thanks! -- Eric Rostetter ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
