Performance of 'ClamAV Full Message Scan'

Julian Field MailScanner at ecs.soton.ac.uk
Tue Aug 7 20:46:31 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Scott Silva wrote:
> René Berber spake the following on 8/6/2007 7:43 PM:
>   
>> From the changelog:
>>
>> "When clamav, clamavmodule or clamd parsers are being used and new setting
>>   "ClamAV Full Message Scan" is set to "yes", pass each of the entire
>>   messages to ClamAV as well as the attachments so that the signatures that
>>   detect spam can work reliably. This is set to "no" be default as it has a
>>   speed impact."
>>
>> Why pass the message AND attachments?  ClamAV can detect the virus in the
>> message in any possible form, MailScanner is just making clam do double work,
>> plus the work done by MS to extract the attachments.
>>
>>     
> Some of the sanesecurity signatures need the full raw message to detect the
> nasties. It does it this way to stay compatible with any other virus scanners
> you might be running. Many of us run several virus scanners to catch more
> 0-day stuff.
> The double scoring is a side effect, but I expect more virus scanners to pick
> up things in the raw messages like clam and mcafee now do.
>
> I don't think Julian is going to have an option of "whole message only", but
> you never know.
>   
You're right, he's not.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGuMwYEfZZRxQVtlQRAlDPAKCH5ZbGqR+M7xi3NH6x+E0fbzvK0wCfQgm0
gKDEUdaDaZw9z6CQHCEY3kw=
=Lqdb
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list