Best way to use clamav (MTA or MailScanner)
Res
res at ausics.net
Sat Jan 13 02:57:07 CET 2007
On Fri, 12 Jan 2007, Alex Neuman van der Hans wrote:
> Dhawal Doshy wrote:
>> Next, run something like a clamav-milter and reject as many viruses as
>> possible without causing false positives and/or delay in incoming mail. You
>> wouldn't want the sending MTA to timeout due to clamav-milter taking a lot
>> of time.
>>
>> Finally run clamavmodule OR clamscan at the mailscanner level to get rid of
>> any archives that couldn't be unpacked at the clamav-milter level (say rar,
>> lha, arj etc..)
>
> This is one of the reasons I use clamav-milter *and* clamavmodule. One will
> sometimes pick up what the other one misses for whatever reason.
>
Hmmm, milters job is to do somthing with the smtp connection, i'll hold
you open whilst i go off and scan this 11 mb file, oh and it seems
hundreds of you want to do this at the same time, all
conenctions full so sorry go away. This is the reason we got rid of
qmailscanner a couple years ago, all too often mails not accepted cause
connections are full, load goes through the roof.
conclusion:
If you constantly process 5 concurrent emails, milter would be
acceptable, if you have 300+ constant concurrent connections reaching 600
in peak periods, MailScanner is far superior (unless modern day scanning
milters are a lot beter then when i tried it, but i seriously doubt it)
--
Cheers
Res
"So, you think you can tell Heaven from Hell?" - Roger Waters
More information about the MailScanner
mailing list