Re: Documenting ClamAV on Fedora?

From: Alexander Dalloz (alexander.dalloz_at_uni-bielefeld.de)
Date: 04/12/04

  • Next message: Brent Fox: "Re: Can someone unsubscribe Pablo until he gets back?" 
    Date: Mon, 12 Apr 2004 17:50:06 +0200
To: For users of Fedora Core releases <fedora-list@redhat.com>

    Am Mo, den 12.04.2004 schrieb Chris Kloiber um 06:51:

    > Is this somehow better than using procmail to call clamav-milter?

    > Chris Kloiber, RHCX

    Hi Chris,

    calling an application for checking the transfered mail while still it
    is streaming brings you the possibility to reject the mail already
    during the DATA process which is in my opinion far better than to first
    accept it in whole to pass it afterwards through a second application,
    or even generate a bounce mail finally (which is at present worm mass
    mail times a very bad habit).

    I can not speak for clamav-milter how it handles the mail stream in case
    clamav detects a virus/worm, but as Ron answered you already, that seems
    to be the case.

    If you like a less global action and more possibilities to handle the
    mail stream I can highly recommend the Sendmail milter application
    called MimeDefang (www.mimedefang.org). It is very professional and is
    rich featured: it can handle multiple anti-virus scanners (like clamav,
    f-prot, McAfee uvscan, ... [~17 types]) in parallel and with just little
    Perl knowledge you can customize the default filter style, like if you
    want whitelists for senders/recipients, how to handle the detection case
    of virus/worms (quarantine or RFC conform rejection with an error code).

    Conclusion: mail rejection in the middle of the mail transfer stream is
    far better than to first get the whole stuff and then starting to check
    and filter. Also from a legal point of view (at least here in Germany)
    you are on the safer side to let the foreign MTA instantly know that you
    do not accept his mail sending using an RFC conform error type than to
    accept the mail in total with the task of needed recipient information
    (maybe sender too).

    Alexander 

    -- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 17:33:31 up 24 days, 1:14, load average: 1.21, 1.25, 1.27 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars



    


    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Brent Fox: "Re: Can someone unsubscribe Pablo until he gets back?"