Best way to use clamav (MTA or MailScanner)
Dhawal Doshy
dhawal at netmagicsolutions.com
Fri Jan 12 09:14:54 CET 2007
den gon wrote:
> Hi To all,
>
> I would like to ask what is the best way to use the clamav. Is it on MTA
> level using
> clamav-milter and disabling it to MailScanner as a redundancy or Is it
> on the MailScanner
> disabling the clamav-milter on MTA and enabling it on MailScanner.conf
> "Virus Scanning = yes"
> as "Virus Scanners = clamavmodule"
Ideally:
First create a policy for your organization for a list of extensions
that you would never accept (and would like to reject). Use your MTA to
reject them rightaway. Examples .scr, .cpl
Second, if your MTA supports it, reject patterns that are known to
contain viruses (body_checks OR mime_header_checks in postfix for example)
Next, run something like a clamav-milter and reject as many viruses as
possible without causing false positives and/or delay in incoming mail.
You wouldn't want the sending MTA to timeout due to clamav-milter taking
a lot of time.
Finally run clamavmodule OR clamscan at the mailscanner level to get rid
of any archives that couldn't be unpacked at the clamav-milter level
(say rar, lha, arj etc..)
- dhawal
More information about the MailScanner
mailing list