On Thu, 9 Sep 2004, Matias Lopez Bergero wrote: > Damian Menscher wrote: > > On Mon, 16 Aug 2004, Todd Lyons wrote: > > > >>>It shouldn't, however change if a virus is accepted - since sendmail > >>>should be tempfailing mail until the milters are functioning. > >> > >>Incorrect, depending on how you define your milter call for sendmail. > >> > >>So by not specifying an F=T setting, you're telling it to pass it > >>through in the event of clamav-milter failure. I'm not sure what the > >>case would be if clamav-milter was still fully functional, but clamd > >>failed. > > > > It does bad things, by default (tempfailing the mail, as I recall). The > > fix is to give the --dont-scan-on-error option to your clamav-milter. > > > > My full set of clamav-milter flags are: > > CLAMAV_FLAGS="--quiet --headers --noxheader --dont-log-clean > > --dont-scan-on-error --max-children=10 > > local:/var/run/clamav/clmilter.sock" > > I have found that setting the --max-children flag to 10 or a close value > of 10 may put a little bit slow your SMTP service.
It probably depends on how many CPUs you have, how much RAM, etc. I increased it to 10 because I was hitting the default of 2 fairly regularly under normal load. If anyone has good guidelines for how to set this parameter, I'd be interested to hear them. > I don't like very much the --dont-scan-on-error option, what are the > benefits of using it? If clamd dies, this option tells clamav-milter to simply allow messages through unscanned. Yes, this means a virus can leak through. But there are some of us that consider mail delivery a service and virus blocking a feature. Features are not required. Services are. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
