Best way to use clamav (MTA or MailScanner)

Dhawal Doshy dhawal at netmagicsolutions.com
Fri Jan 12 09:14:54 CET 2007


den gon wrote:
> Hi To all,
> 
> I would like to ask what is the best way to use the clamav. Is it on MTA 
> level using
> clamav-milter and disabling it to MailScanner as a redundancy or Is it 
> on the MailScanner
> disabling the clamav-milter on MTA and enabling it on MailScanner.conf  
> "Virus Scanning =  yes"
> as "Virus Scanners = clamavmodule"

Ideally:

First create a policy for your organization for a list of extensions 
that you would never accept (and would like to reject). Use your MTA to 
reject them rightaway. Examples .scr, .cpl

Second, if your MTA supports it, reject patterns that are known to 
contain viruses (body_checks OR mime_header_checks in postfix for example)

Next, run something like a clamav-milter and reject as many viruses as 
possible without causing false positives and/or delay in incoming mail. 
You wouldn't want the sending MTA to timeout due to clamav-milter taking 
a lot of time.

Finally run clamavmodule OR clamscan at the mailscanner level to get rid 
of any archives that couldn't be unpacked at the clamav-milter level 
(say rar, lha, arj etc..)

- dhawal


More information about the MailScanner mailing list