On Fri, Jul 10, 2009 at 05:01:14PM +0200, Jonas Eckerman wrote: > Steven W. Orr wrote: > >> http://wiki.apache.org/spamassassin/ClamAVPlugin > >> It looks like what I thought I wanted already exists. Based on what I wrote >> above, and that I like the result of running sa + clamav via the two milters, >> does anyone have any caveats for me? > > 1: When running ClamAV inside SA you have to run SA even if ClamAV finds > a virus. This requires more resources than just ClamAV. And ClamAV is > way faster and requires far less than SA does.
When you block botnets directly from MTA (zen, helo checks, greylist etc), possible ClamAV/SA load is already reduced by a huge factor. Personally I only see handful of official ClamAV signatures hitting per 100k hams, so the scanning order wouldn't really matter. One flexible option would be replacing all the different milters with amavisd-milter+amavisd-new. It has all the hooks needed to make ClamAV+SA interact well.
