Hi there, On Fri, 28 Dec 2007 Brian Read wrote:
> I use a number of smeservers (aka e-smith), which all use clamav to > scan incoming emails. Up to (and including) version 6 I got plenty > of hits from clamav. As I upgraded to version 7, the clamav hits > subsided to only phishing emails being detected. My explanation of > this is the Version 7 contains qpsmtpd which "validates" the smtp > protocol and rejects anything which is non standard, whereas > previous versions (broadly) accepted everything, then relied on > spamassassin and Clamav to weed out the baddies. So, my proposition > is that the smtp engines for the "older" viruses may have been > "simplified" and therefore are not acceptable to the very strict > qpsmtpd. I upgraded the server in mid december and it was seeing > 30-40 (real) viruses a day. Overnight it no longer logs any clamav > hits (but rejects a hell of a lot of "illegal" email). Does that > make sense? It makes sense to me. I use ClamAV only as a Sendmail milter. There are lots of Sendmail configuration tricks to weed out unwanted mail, and I use as many of them as I can before the message gets as far as the relatively processor-intensive ClamAV. Clamav-milter is the sixth milter in the queue, but I guess the simple SMTP engines found in most viruses will rarely even get past our GreetPause. :) -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
