Re: simplest replacement for ancient amavis-perl

Hi there,

On Fri, 8 Aug 2008 jef moskot wrote:

> Currently, we accept all infected mail, and quietly quarantine it.

May I suggest that you quarantine it, BUT STILL REJECT IT after it has been read (and recorded) in its entirety? You're making a rod for your own back if you accept bad mail. The sender will sell the recipients' addresses to all his spammer friends and you'll just get more of it.

> We don't refuse it at SMTP connect, although I might be able to be
> convinced that that's a better idea.

You can reject it all the way up to the last dot (er, period).

> ... I was looking at clamav-milter, which looks simple and also
> comes with the benefit of a community I'm comfortable with.

Many of us here have been using it for years with no problems. I'll second that about the community.

> I can't find any decent documentation on it, however, (if I'm missing
> something obvious, please point me at it!)

There's quite a lot on the Web but when you download and extract the source tarball you should have all you need.

> ... and it seems to jam mail at SMTP connection time rather than
> accepting and scanning later.

SMTP conversation, not connection, but that's the best place really. There are other ways to use it of course. You can just insert a mail header as a flag and pass it through, leaving e.g. YetanOtherMilter or something like SpamAssassin to decide. Personally, I like mail that will be rejected to be rejected at the earliest possible opportunity so that it doesn't waste everybody's money.

> I've found references to using it to quarantine messages, which
> would be perfect, but I haven't seen the docs to explain how to do
> that.

After you install it, you can do

    man clamav-milter

    [snip]
    -A, --advisory
           When in advisory mode, clamav-milter flags emails with viruses
           but still forwards them. The default option is to stop viruses.
           This mode is incompatible with --quarantine and --quarantine-dir.
    [snip]

and

    man clamd.conf

etc. etc.

(SEE ALSO clamd(8), clamdscan(1), clamav-milter(8), clamscan(1), freshclam(1), sigtool(1))

If you want to look at those before installing them they're in the docs/man directory after extracting the tarball, just do

    man docs/man/clamav-milter.8

or whatever.

> Also I've found some explanations of how to compile clam to get the
> milter, but those were in connection with FreeBSD ports, and I don't like
> to have to wait until an update has been bundled before I can deploy it.

You can just grab the source tarball and compile and install it like you would for almost any other Open Source tool. The instructions are in the tarball itself. Granted there's a slight chicken-and-egg thing there if you're not used to doing this:

    mail4:~$ >>> tar tzvf [...]/clamav-0.93.3.tar.gz | grep 'clamav-0.93.3/\(README\|INSTALL\)'
    -rw-r--r-- 1000/1000 73422 2008-07-07 18:38:08 clamav-0.93.3/README
    -rw-r--r-- 1000/1000 9416 2008-03-06 18:41:14 clamav-0.93.3/INSTALL

Just extract the tarball to some convenient place beneath your home directory. Then there's quite a lot to read in the docs directory:

    mail4:~$ >>> ls -l [...]/clamav-0.93.3/docs/*pdf
    total 2044
    [snip]
    -rw-r--r-- 1 ged users 82058 2008-03-06 18:41 clamav-mirror-howto.pdf
    -rw-r--r-- 1 ged users 240788 2008-07-07 18:41 clamdoc.pdf
    -rw-r--r-- 1 ged users 102697 2008-03-06 18:41 phishsigs_howto.pdf
    -rw-r--r-- 1 ged users 27199 2008-04-02 21:17 signatures.pdf

Plus more HTML than you can shake a stick at in the same place.

--
73,
Ged.