We currently chain Postfix (with its SMTP protocol and rate filters) via Procmail, first to Clamd, to filter any mail with a virus (etc.) and send it to a Virus bucket. Next the mail goes to Bogofilter which attaches a tag for Spam/Mail/Ambiguous. Next the mail goes to an address filter, which blocks some senders while changing the Spam tag to Ambiguous for other senders (in particular senders who have been recipients of outbound mail). Finally, anything tagged as Spam is routed to a Spam bucket (for possible later retrieval), while Mail and Ambiguous mail is delivered to the final recipient.
Since this is a small email system, we also use Procmail to invoke some recipient dependent adhoc rules along the way to do this and that. P.S. Depending on the exact set of ClamAV signatures, this flow may have to be split into two Clamd stages: the first to identify hard malware to be unconditionally blocked and the second to simply flag bad URLs etc. On Thu, 19 Jan 2017 20:57:28 +0100 Reindl Harald <h.rei...@thelounge.net> wrote: > and in a really good setup your spamassassin also uses clamd to add > scores to all the other rules, dnsbl, uribl, digest-services and so > the uncondtional whitelisting in the milter at last stage is only for > dumb unconditional fasle positives leading to rejects > > Am 19.01.2017 um 20:54 schrieb Reindl Harald: > > Am 19.01.2017 um 20:50 schrieb Paul Kosinski: > >> What if a white-listed sender later becomes part of a botnet? > >> However trustworthy the person is, their email isn't necessarily > >> trustworthy. (The "From:" address could easily be a faked, for > >> example.) > > > > than hopefully your filter setup does not rely only on clamd, > > whitelisting is a local decision with many pros and cons and also > > depends on the signatures included in your setup > > > > there is also a difference if you have just one or more than one > > clamd instance with different signatures and whitelistings > > > > typically clamav-milter is the last stage of filtering - it's faster > > than spamassassin but spamassasin does catch much more than clamd > > and so the whole clamd can be skipped in case of sa-milter rejects > > > >> On Thu, 19 Jan 2017 08:02:39 +0100 > >> z...@aian.de wrote: > >> > >>> Hey there, > >>> > >>> I bet it's an easy one for you, but I couldn't find any > >>> documentation about that. > >>> What I want to do is whitelist a specific sender or recipient from > >>> the scanns. > >>> > >>> I read about the whitelist.ign2 for whitelisting signatures, but > >>> nothing about user whitelisting. > >>> > >>> Can you help? _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
