I currently use clamav-milter with 3rd party sigs in sendmail and am
writing the list to see how people are handling special accounts like
abuse@ or postmas...@. clamav-milter has the ability to whitelist
e-mail accounts, but it's all or nothing. Obviously, the abuse@ address
will receive spammy submissions, but it shouldn't be exposed to
viruses.
Ideally, I'd be able to specify not to use 3rd party sigs,
phishing sigs, etc. Optionally, being able to specify a different
action (quarantine) for whitelisted addresses would help. These
features don't seem to be available yet, so how is everyone handling it?
I suppose I could run a second clamd with different options and use
Mimedefang or amavis to pick the correct daemon, but
that seems like overkill.
I use sendmail and clamav-milter as well. I also use spamass-milter for
further anti-spam filtering.
I configured clamav-milter to accept on infected rather than reject on
infected.
I then created two custom spamassassin rules to score the message.
Messages that are infected score at 100 points.
Message that are infected with the work UNOFFICIAL in the header score at
-90.
This will cause an infected message to be scored by the UNOFFICIAL
signatures to be captured into the users spamfolder while messages
infected with the base signatures will be rejected with a 550 error.
Even if you don't use spamassassin you might be able to create a filter
using procmail or sieve that will filter the messages properly during
local delivery.
The only problem with this scheme is if unofficial signatures don't have
the word UNOFFICIAL in their name. So far I haven't found any but I
haven't exactly been looking either. This is also my own personal server
so if there is a problem I only have myself to blame.
Ted Hatfield
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
