> That sounds very interesting in regards to a project im currently working
> on, do you know if it would be possible to setup with smtproutes:
> 1. if it find virus in a mail, instead of relaying to original
> [EMAIL PROTECTED], it transfers it to another server/domain/account
> (fx. setup a vpopmail account on the relay server called

qmail-scanner will quarantine viruses it finds locally.  It has its own perl
based scanner that you can define rules for (block all .exe, block by
regexp, etc) -- works great for static subject viruses or hoaxes and other

qmail-scanner will NOT quarantine spam, but it will 'tag' it in the same
fashion that SA was written in.

This probably answers your question.

> 2. same as above, just for spam mails instead (spamassasin score
> >= 5) and

Read the SA docs and the QS docs on this.  You never ever ever quarantine an
email because SA says it scored high enough.  False positives are a fact of
life, and quarantining is silly.   In some jurisdictions if you quarantine
one "bad mail" you're at fault for not being 100% effective.   Therefor, if
you are merely scoring, it is up to the end user to a) move it to another
folder or b) trash it and risk losing data.

I told a specific person here that they should not dump all mail to the
trash folder.  They ignored me and did it anyway.

They attempted to blame Spam Assassin for their loss of an important
contract related email a week later, and the fact is the fault lies in the
hands of the fool who chose to let a program automatically delete their
email without reviewing it.

SA and QS work perfect as is.  Quarantining or automating deletion is just
pointless and dangerous.

> 3. if you just relay & scan why dont you use Messagewall?

Not sure what Messagewall does.  I love SA's accuracy rate and I like the
way it modifies headers.  I actually have a system that works like this:

<border smtp server>
  Check for spam score
  Then, via smtp routes, if domain is paying for spam detection forward to
virus scanner
  qmail implementation.   If they're not, forward to internal server that
accepts pop

The virus scanner will do the same.  Scan, then forward to the same internal

We do this direction detection by changing the destination (per domain) in


> 4. OT: does anyone know if ClamAV works with Squid? (viruscanning http
> transfers)

Reply via email to