Steven W. Orr wrote:
http://wiki.apache.org/spamassassin/ClamAVPlugin
It looks like what I thought I wanted already exists. Based on what I wrote above, and that I like the result of running sa + clamav via the two milters, does anyone have any caveats for me?
1: When running ClamAV inside SA you have to run SA even if ClamAV finds a virus. This requires more resources than just ClamAV. And ClamAV is way faster and requires far less than SA does.
2: If an infected whitelisted mail comes in, you would need a much higher score than the example (10) to stop the virus from passing.
3: If you just tag (and don't block) spam, using ClamAV only from within SA will actually let the virus infected mail though to users.
All this said, we run CLamAV both from a milter (MIMEDefang) before SA *and* from SA with the plugin using different configurations. The clamd instance used *before* SA only has the official ClamAV sigs and has phishing sigs and some checks turned off. The clamd instance used *in* SA has the official sigs as well as some third party sig sets and has phishing, broken exe, etc checks turned on.
Once question I have: If I use the plugin and it fires, will it in fact contribute to the bayes and AWL tables ending up as I described above? Or is there a placement question of where the plugin should be invoked?
That plugin simply makes an eval test available that you can use for scoring. The effects of it's scores on bayes and AWL is the same as for any other scoring rules in SA.
Regards /Jonas -- Jonas Eckerman Fruktträdet & Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/
