Best way to use clamav (MTA or MailScanner)

Julian Field MailScanner at ecs.soton.ac.uk
Sat Jan 13 19:58:42 CET 2007



Dhawal Doshy wrote:
> den gon wrote:
>> Hi to all,
>>
>> I would like to ask what is the best way to use the clamav. Is it on
>> MTA level using clamav-milter and disabling it to MailScanner as a
>> redundancy, or is it on the MailScanner, disabling the clamav-milter
>> on MTA and enabling it on MailScanner.conf "Virus Scanning =  yes"
>> as "Virus Scanners = clamavmodule"?
>
> Ideally:
>
> First create a policy for your organization for a list of extensions 
> that you would never accept (and would like to reject). Use your MTA 
> to reject them right away. Examples: .scr, .cpl
>
> Second, if your MTA supports it, reject patterns that are known to 
> contain viruses (body_checks OR mime_header_checks in postfix for 
> example)
>
> Next, run something like a clamav-milter and reject as many viruses as 
> possible without causing false positives and/or delay in incoming 
> mail. You wouldn't want the sending MTA to timeout due to 
> clamav-milter taking a lot of time.
>
> Finally run clamavmodule OR clamscan at the mailscanner level to get 
> rid of any archives that couldn't be unpacked at the clamav-milter 
> level (say rar, lha, arj etc..)
>
> - dhawal

One of the advantages of doing this at the MailScanner level is the 
control over the message(s) sent out as a result of an infected message 
received. You will probably want to just bin all viruses quietly, 
whereas if you run it at the MTA level it will probably bounce it back 
to the poor innocent soul whose address was faked as the "sender" 
address of the message.

Also, you might want to notify the recipient of the message, at which 
point instead of receiving an unintelligible sendmail error report, they 
get a nice friendly report which you write to explain to them what has 
happened.

This applies to most of the things that MailScanner can do which can 
also be done at the MTA level: the quality and content of the reporting. 
Mere mortals don't understand MTA error messages at all; remember that 
your users will call their support staff whenever they get a report they 
don't understand. Understandable reports ==> fewer support calls.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
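
The first step of the layered policy quoted above (refuse a fixed list of attachment extensions before any virus scanner runs), as an added Python example that is not from the thread, MailScanner or Postfix. The function names and the sample message are constructed for illustration; only `.scr` and `.cpl` come from the post.

```python
import email
import os

# Extensions named in the thread; an organisation's real list would be longer.
BANNED_EXTENSIONS = {".scr", ".cpl"}

# Constructed sample message (not real mail): one text part, three attachments.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"To: user@example.com\r\n"
    b"Subject: constructed test message\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.pdf.SCR"\r\n\r\nAAAA\r\n'
    b"--b1\r\n"
    b"Content-Type: application/octet-stream; name=panel.cpl\r\n\r\nAAAA\r\n"
    b"--b1\r\n"
    b'Content-Type: application/pdf; name="description.pdf"\r\n\r\nAAAA\r\n'
    b"--b1--\r\n"
)

def banned_attachments(raw_message: bytes) -> list:
    """Return declared attachment names whose final extension is banned."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to Content-Type "name", so both declaration styles are covered.
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension decides, compared case-insensitively,
        # so "invoice.pdf.SCR" is treated as .scr.
        ext = os.path.splitext(name.strip().lower())[1]
        if ext in BANNED_EXTENSIONS:
            hits.append(name)
    return hits

def first_layer_verdict(raw_message: bytes) -> tuple:
    """REJECT on a banned name; PASS hands the message to the later layers."""
    hits = banned_attachments(raw_message)
    return ("REJECT", hits) if hits else ("PASS", [])

if __name__ == "__main__":
    print(first_layer_verdict(SAMPLE))
```

A `PASS` here only means the name check found nothing; the message still goes on to the scanner layers described in the thread.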


