Virus Scan Order
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Thu Jun 3 13:47:15 IST 2004
Richard
well yes that's one way around, but I'd like notifications and the stats
to pop into MailWatch so its gotto go through MS.
Also I use Exim on my gateway so although I could config exim with their
version of milter it wouldn't give me stats either..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Richard Lynch wrote:
> John Rudd wrote:
>
>> On Jun 3, 2004, at 1:58 AM, Martin Hepworth wrote:
>>
>>> Thirded
>>>
>>> IMHO everything should be scanned for malware - just in case I forget
>>> and release something I shouldn't...
>>>
>>> Yes I know it increases load, but I'd rather be safe than sorry.
>>>
>>
>> Actually, I think it would _reduce_ the load. I know when Julian was
>> still designing he says that virus scanning was more expensive and thus
>> getting rid of as many things as you can is better before you pass it
>> on to the virus scanner. But, I think things have changed since then,
>> and Spam Assassin is VERY expensive. Further, if you're not deleting
>> spam, doing the spam scanning first doesn't reduce your virus load at
>> all. Whereas, if you are at least removing infected attachments during
>> virus scanning, you'll at last reduce the sizes of messages that get
>> passed to Spam Assassin if you do the virus scanning first.
>>
>>
>> As anecdotal evidence, on days where our scanning machines are being
>> saturated, if I turn off spam scanning, our queues clear out pretty
>> quickly and then stay low. (I can't really turn off the virus scanning
>> though, as it's part of our security infrastructure ... where spam
>> scanning is more of a convenience, sorta)
>>
>> At one point, there was a request to have a variable that would specify
>> the order of different features, but Julian said it would require a
>> significant re-write. That's probably true for just reversing the
>> order, as well. I think specifying the order would be great, but even
>> just doing the virus scan first would greatly help our scanning loads.
>>
> This topic comes up frequently -- seems almost weekly. Julian has said
> it is desirable but it isn't going to happen over night. He's also
> suggested making it dynamic in that he could analyze traffic patterns
> and switch the order on the fly.
>
> An idea that's occurred to me is to install clamav-milter. It rejects
> infected messages at the MTA. That is, if the message is infected it
> is refused by sendmail and MS never sees it. Wouldn't that achieve what
> you're asking for? Is there any reason that such a setup would be
> incompatible with MailScanner?
>
> --
>
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list