On Fri, Aug 08, 2008 at 09:25:19AM -0400, David F. Skoll wrote: > > I am under the opinion that a message should never > > be silently blackholed. > > I used to share that opinion, but no longer do for viruses. If you > turn off Clam's dubious Phishing options, the odds of a false-positive > from Clam are very low. In that situation, there is no point in rejecting; > it's better to silently discard.
I agree with David: it's better to discard a virus, than reject it just because the sending server has a slightly worse virus scanner, or hasn't received the signature updates yet. But I'm more paranoid: We only discard when _2_ independant scanners say it's a virus. Otherwise, we used to tempfail, but nowadays it's not worth the bother, and we just reject for single virus scanner hits. That's a measly few percent of the already insignificant amount of email viruses (we don't count phishes as a virus, they add to the score in SA). -- Jan-Pieter Cornet <[EMAIL PROTECTED]> !! Disclamer: The addressee of this email is not the intended recipient. !! !! This is only a test of the echelon and data retention systems. Please !! !! archive this message indefinitely to allow verification of the logs. !! _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml