Questions about ClamAV/Spamassassin, etc.
glenn.steen at gmail.com
Sat Apr 12 10:14:05 IST 2008
On 11/04/2008, Kevin Miller <Kevin_Miller at ci.juneau.ak.us> wrote:
> I'm *way* overdue to upgrade my MailScanner boxes. There have been so
> many great changes over the last year that I'm a bit lost on the finer
> details so would like some "best practice" advice.
> I've got a nifty new IBM x3650 64 bit, dual processer & two gigs ram,
> running SLES 10. I've installed MS, and am now at the spamassassin and
> clamav stage. Please advise on the following:
> 1: ClamAV - which to use, ClamAV, clamd, or clamavmodule? I started
> running the SA/ClamAV dual script and got the following:
> There are 2 recommended ways of installing ClamAV, depending on
> various factors.
> If you want to use MailScanners support for Clamd (virus-scanning
> daemon) then I recommend you cancel this script now (press Ctrl-C)
> and install the RPMs for clamav, clamav-db and clamd from
> Then re-run this script and tell me that clamscan is installed in
> /usr/bin. This will set up your virus.scanners.conf file for you.
> I cancelled. The Dag Wieers site doesn't have SUSE rpms. If clamd is
> the preferred option, what's the best way to install it, clamav and
There is one big win for clamd over clamavmodule, and that is memory
footprint. With clamd, only the clamd process need hold the signatures
in memory, so the MS workers are lean and nice. IIRC there also is a
slight performance increase... Might be wrong about that though:-).
The biggest drawback, once you've successfully set it up (not exactly
trivial, not exactly hard:-), is that you have a SPOF in the clamd
daemon process... So you need have a "service watcher" that will
respawn it if ever it dies...
Personally, I'm still sticking with ClamAVModule:-).
> I believe the the install script will do clamav-module, right? I
> vaguely seems to remember that there was some chatter on the list a
> while ago but don't remember specifics - any caveats to using that, ie.
> keywords to search the archives on?
Perhaps you refer to the signature loading->100% CPU for a few minutes
bug? That shouldn't affect you/your version.
> 2: I'm getting this when /etc/cron.hourly runs:
> running hourly cronjob scripts
> SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 2.
> Any ideas on that?
Have you run it by hand?
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner