Damian Menscher wrote:
Obviously I always choose the F= option so my mailservers will continue to work in the event of a milter failure.
That is your prerogative. I, on the other hand, would never configure sendmail in that fashion. Clamav-scans are a critical part of mail delivery. I would never allow mail to be delivered when the virus scanner is down, and would indeed TempFail delivery until I restarted the daemon (via a watchdog script).
My situation is somewhat unique in that I have intelligent users and very few windows machines. So viruses are more of an annoyance than a threat. But let's ignore that for now....
Both of us run watchdog scripts (I run clmilter_watch every 15 minutes) so, at worst, clamav-milter will be down for 15 minutes. In your case, all mail delivery will stop, and I think outgoing mail will also be broken. So, not only will your mailserver be down, but your users won't be able to contact you to let you know it's down. Of course, a 15-minute downtime might be acceptable to you.
In my case, some viruses will leak through. Most of them will probably be caught by spamassassin, and the remaining ones will be seen by the users. Most users will ignore them, and the dumb ones will be protected by the virus scanner on their local windows box.
So, while I can see how virus-scanning of emails might be a core service for a Windows shop with dumb users, it shouldn't be your only line of defense. And I really don't like the risk of breaking email.
In any case, the decision is left to the administrator. My point was:
The fact that Chris Candreva complained that a clamav-milter outage was causing a total email outage indicates that he should be choosing the pass-through option, not the tempfail option.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
