Clamav suggestions

Fabio Pedretti pedretti at eco.unibs.it
Thu May 10 14:23:13 IST 2007


> MailScanner always tries to deliver as much of the message as possible.
> So if you had 3 docs attached to an email message, 1 of which had a
> macro virus, scanning the whole message with ClamAV would result in none
> of the attachments getting through. Whereas MailScanner's philosophy is
> that the other 2 docs and the message body text should still get
> delivered as they are not infected. So I don't want to throw the whole
> message at ClamAV either.

This makes sense. However, in my experience:
- most mail (>99%) with viruses is generated by spambots/spammers and
should be deleted anyway; it's not usually desirable to give the
users the cleaned mail if the remainder is only spam;
- if a user sends some attachments with viruses, it's better that he
checks and repairs his system immediately (and if he can no longer send
mail, he will), rather than still providing mail with only the clean
attachments;
- I am using greylisting + MailScanner (with SpamAssassin + ClamAV +
Sanesecurity sigs) and, after these, not much spam/phishing mail can
reach the users; however, almost all of that mail would be detected by
ClamAV (especially with Sanesecurity sigs) if the scan were done
on the full mail.

So it seems to me that the advantages of giving ClamAV all mail with
headers by default are bigger than those of giving it separated attachments.
Or, at least, it would be a valuable addition to provide a config option
to do this.

Fabio


