Hi, Jason-- On Sep 29, 2010, at 12:18 PM, Jason Bertoch wrote: > I currently use clamav-milter with 3rd party sigs in sendmail and am writing > the list to see how people are handling special accounts like abuse@ or > postmas...@. clamav-milter has the ability to whitelist e-mail accounts, but > it's all or nothing. Obviously, the abuse@ address will receive spammy > submissions, but it shouldn't be exposed to viruses. Ideally, I'd be able to > specify not to use 3rd party sigs, phishing sigs, etc. Optionally, being > able to specify a different action (quarantine) for whitelisted addresses > would help. These features don't seem to be available yet, so how is > everyone handling it? > > I suppose I could run a second clamd with different options and use > Mimedefang or amavis to pick the correct daemon, but that seems like overkill.
Do you perform egress filtering of all of the mail traffic coming from your domain(s)? If so, then (modulo signature updates), any genuine abuse report about mail which actually did come from you should be allowed back in. However, it might be reasonable to whitelist abuse@ entirely, anyway. If you do want to include amavisd into the mix, consider adding abuse to virus_lovers_maps / spam_lovers_maps, or consider using the new virus_name_to_spam_score_maps to map 3rd-party signatures to a spam score rather than doing an all-or-nothing action as viral mail. Good question, by the way-- hopefully you'll get some other responses which suggest alternatives I don't know about. :-) Regards, -- -Chuck _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
