From: "Adam Katz" <antis...@khopis.com>
Sent: Saturday, 2009/October/31 10:50
Yet Another Ninja wrote:
On 10/31/2009 2:33 PM, Gene Heskett wrote:
This looks like what I had in mind. But since I don't have that part
checked out yet, would it then delete the mail because clamdscan had
an error? I'll enable the second after the first is working. :)
my recipe was stolen from this
see
http://wiki.clamav.net/bin/view/Main/ClamAndProcmail
I like this one better ... it shows the scan results.
http://wiki.apache.org/spamassassin/FilteringViruses
(Odd that the SA wiki's version is more complete than Clam's...)
There's also an SA plugin that can call ClamAV, see
http://wiki.apache.org/spamassassin/ClamAVPlugin
However, I highly recommend something that interacts at SMTP-time so
that a 500-series reject notice can be issued, letting the sender know
that the message wasn't delivered due to its virus/malware content (I
also feel this way about spam filtering).
Also note (and this is a current predicament on my own deployment) that
clamdscan (as well as clamav-milter, which is what I use) is incapable
of breaking some attachments out of emails; an EICAR test attached with
Thunderbird still gets delivered in all three of the above
implementations on my system.
Some of us use fetchmail rather than run a real server. That rather moots
your comment. (I remember helping Gene decouple SpamAssassin from his
email program. He was getting annoyed at the time it took to load emails.
With fetchmail, procmail, and dovecot or equivalents, you can do a rather
creditable job. But you cannot issue a 500. {^_-})
{^_^}
