Best way to use clamav (MTA or MailScanner)

Res res at ausics.net
Sat Jan 13 02:57:07 CET 2007


On Fri, 12 Jan 2007, Alex Neuman van der Hans wrote:

> Dhawal Doshy wrote:
>> Next, run something like a clamav-milter and reject as many viruses as 
>> possible without causing false positives and/or delay in incoming mail. You 
>> wouldn't want the sending MTA to timeout due to clamav-milter taking a lot 
>> of time.
>> 
>> Finally run clamavmodule OR clamscan at the mailscanner level to get rid of 
>> any archives that couldn't be unpacked at the clamav-milter level (say rar, 
>> lha, arj etc..)
>
> This is one of the reasons I use clamav-milter *and* clamavmodule. One will 
> sometimes pick up what the other one misses for whatever reason.
>

Hmmm, milters job is to  do somthing with the smtp connection, i'll hold 
you open whilst i go off and scan this 11 mb file, oh and it seems 
hundreds of you want to do this at the same time, all 
conenctions full so sorry go away. This is the reason we got rid of 
qmailscanner a couple years ago, all too often mails not accepted cause 
connections are full, load goes through the roof.


conclusion:
If you constantly process 5 concurrent emails, milter would be 
acceptable, if you have 300+ constant concurrent connections reaching 600 
in peak periods, MailScanner is far superior (unless modern day scanning
milters are a lot beter then when i tried it, but i seriously doubt it)


--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters




More information about the MailScanner mailing list