Sophos & ClamAV + Sanesecurity

Mike Wallace mike at mlrw.com
Wed Dec 23 21:06:04 GMT 2009


The order checking change is only good if you use Sanesecurity. If you don't, it can create major problems such as mine where infected messages are being delivered. 

My environment requires that all infected attachments be removed from messages before delivery and all messages with a spam score of 5.0 or greater delivered to a special mailbox. I use the Sought, OpenProtect and a couple of custom rules and have a false positive rate of 0.16% and a false negative rate of 0.87% (if I exclude the viruses that passed), so I don't think that I need the Sanesecurity rules.

I just checked the last 12 infected messages that went through with SpamAssassin and they scored an average of 23.0; the lowest was 11.5 and the highest was 40.4. So if they were spam checked, then they never would have been delivered to the user.

You would think that if MailScanner flags something as being infected, it would be handled identically. 

Does anyone know how to force MailScanner to spam check every non-blacklisted or non-whitelisted message like it used to?

Mike Wallace
mike at mlrw.com



On Dec 23, 2009, at 1:31 PM, Kai Schaetzl wrote:

> Mike Wallace wrote on Wed, 23 Dec 2009 11:16:09 -0500:
> 
>> What I occasionally see is that clamav 0.95.3 finds an infection but
>> the message never gets spam checked.
> 
> The order of checking has been reverted lately. No need for a spamcheck if 
> it already contains a virus.
> 
> Kai
> 
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> 


