Jeff Brenton wrote:
Hello Paul,
If you program the MTA to accept-analyze-drop messages, you risk a
false positive not being noticed; if the MTA rejects a legitimate
message, the sender will not get a report about the error.
PJS> What risk of false positives wrt virus-scanning? Are
PJS> virus-scanner so unreliable as to generate false positives? Can
PJS> you back up this assertion? I'd be most interested in hearing
PJS> about this. False positives in virus-scanner usually indicate a
PJS> bug in the signatures.
I was speaking to the generalized case of filtering, which includes
spam filtering.
[snip]
False virus positives are less prevalant today than they were 5 or
more years ago.
[snip]
So you're talking about spam and vintage virusscanners :-^
Have you ever tried running amavisd-new/clamav-daemon *without*
spamfiltering and observe how this impacts your server-performance. I
think you would be surprised at how well that works. And you won't ever
have to worry about writing your own virus-sigs again... But then maybe
that's a secret hobby of yours :-)
--
________________________________________________________________
Paul Stevens mailto:[EMAIL PROTECTED]
NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED]
The Netherlands________________________________http://www.nfg.nl
