> http://wiki.apache.org/spamassassin/ClamAVPlugin
> SpamAssassin committers-- anyone disagree that it should go in? > I'm only considering it because I've repeatedly found myself installing > it, and it's a nice simple plugin which works well. ;) As long as users set their expectations right and understand this is not a replacement for a more dependable virus checking ... - messages longer than the few-hundred kB SA limit are not virus scanned; - failure of a clamd daemon or communication with it goes by unnoticed (a debug message is logged at a debug level, I doubt anybody would notice) and mail passes unchecked; - it doesn't distinguish between virus names: nowadays that ClamAV is often used with contributed rules (e.g. SaneSecurity, catching phishing and images), false positives are more frequent. There should be a separate and lower score for such hits than the normal score for truly infected mail; - the File::Scan::ClamAV hasn't been updated for three years. Is it still supported? Mark
