ClamAV & Sanesecurity & Spamassassin

Ryan Weaver ryanw at falsehope.com
Wed Aug 22 21:29:42 IST 2007 

> -----Original Message-----
> From: Rick Cooper
> 
>  > -----Original Message-----
>  > From: Gareth
>  > Sent: Wednesday, August 22, 2007 10:16 AM
>  > To: MailScanner discussion
>  > Subject: Re: ClamAV & Sanesecurity & Spamassassin
>  >
>  > No I was thinking you might have to have two copies of
>  > clamav installed
>  > with one of them compiled to store its signatures in a different
>  > location.
>  > You could symlink the main signatures so both installs can
>  > see them and
>  > mailscanners update works correctly. You could have mailscanner use
>  > clamavmodule as it will have most issues with paths etc...
>  > You could have clamd started from the 2nd copy which can also see
>  > the sanesecurity signatures. The spamassassin plugin looks like it
>  > uses a tcpip socket to clamd so it should not be too bad keeping them
>  > both separate.
> 
> [...]
> 
> You only need one clamav installation, you need to setup a special clam
> database (example: /opt/clamdSane) directory with symlinks to the db
> files
> you want to use with in the special clam db dir.
> 
> MSRBL-Images.hdb -> /usr/local/share/clamav/MSRBL-Images.hdb
> MSRBL-SPAM.ndb -> /usr/local/share/clamav/MSRBL-SPAM.ndb
> phish.ndb -> /usr/local/share/clamav/phish.ndb
> scam.ndb -> /usr/local/share/clamav/scam.ndb
> 
> Next create a new clamd.conf line clamdSane.conf and change the
> DatabaseDirectory, TCPSocket (say 3311), and PidFile settings to
> something
> other than the default like
> 
> DatabaseDirectory /opt/SaneDataBase
> TCPSocket 3311
> PidFile /var/run/clamdSane.pid
> 
> Start your second daemon : clamd --config-file=/path/clamdSane.conf
> 
> And change this line in clamAV.pm (the plugin)
> 
> my $clamav = new File::Scan::ClamAV(port => 3310);
> 
> To
> 
> my $clamav = new File::Scan::ClamAV(port => 3311);
> 
> 
> Now clamd should only see the SaneSecurity sigs when processed via the
> SpamAssassin ClamAV plugin
> 
> Set your rules as desired
> 
> Rick

Sounds workable... Kind of convoluted, but workable :)

Thanks,
Ryan

More information about the MailScanner mailing list