> That sounds very interesting in regards to a project im currently working > on, do you know if it would be possible to setup with smtproutes: > > 1. if it find virus in a mail, instead of relaying to original > [EMAIL PROTECTED], it transfers it to another server/domain/account > (fx. setup a vpopmail account on the relay server called > [EMAIL PROTECTED])
qmail-scanner will quarantine viruses it finds locally. It has its own perl based scanner that you can define rules for (block all .exe, block by regexp, etc) -- works great for static subject viruses or hoaxes and other stuff. qmail-scanner will NOT quarantine spam, but it will 'tag' it in the same fashion that SA was written in. This probably answers your question. > 2. same as above, just for spam mails instead (spamassasin score > >= 5) and > to [EMAIL PROTECTED] Read the SA docs and the QS docs on this. You never ever ever quarantine an email because SA says it scored high enough. False positives are a fact of life, and quarantining is silly. In some jurisdictions if you quarantine one "bad mail" you're at fault for not being 100% effective. Therefor, if you are merely scoring, it is up to the end user to a) move it to another folder or b) trash it and risk losing data. I told a specific person here that they should not dump all mail to the trash folder. They ignored me and did it anyway. They attempted to blame Spam Assassin for their loss of an important contract related email a week later, and the fact is the fault lies in the hands of the fool who chose to let a program automatically delete their email without reviewing it. SA and QS work perfect as is. Quarantining or automating deletion is just pointless and dangerous. > 3. if you just relay & scan why dont you use Messagewall? Not sure what Messagewall does. I love SA's accuracy rate and I like the way it modifies headers. I actually have a system that works like this: <border smtp server> | Check for spam score | Then, via smtp routes, if domain is paying for spam detection forward to virus scanner qmail implementation. If they're not, forward to internal server that accepts pop connections. The virus scanner will do the same. Scan, then forward to the same internal server. We do this direction detection by changing the destination (per domain) in smtproutes. -jeff > 4. OT: does anyone know if ClamAV works with Squid? (viruscanning http > transfers)