On Wed, 02 Dec 2009, Sthu Deus wrote: > Do I need clamav mail check on mail server - if I would leave it to
Clamav is fast (if you configure it right), and will let you reject a truckload of dangerous artifacts before they hit the content filters, saving on resources AND adding an extra layer of protection for the end users. If you use amavisd-new to plug clamav to the MTA, and you configure amavisd-new and clamav correctly so as to not lose mail on false positives, you can also use the spam/malware signature databases in www.sanesecurity.org, to aid spamassassin. Clamav is an order of magnitude faster than spamassassin for signature-based rules. > their machines) - the every letter they get? - What does clamav protects: > the email server or the end user (at its own machine)? Depends on how you use it. I don't know anyone who uses clamav to "protect the server", you protect an Unix server by properly hardening it, the falsehoods of the "file scanner industry" have not taken root on Unix land yet. But an AV like clamav in the mail path _does_ protect the end user, as the artifacts will be stopped before they get close to the user. Everyone I know that deploy MTAs professionaly have either clamav or a commercial AV in the mail path, and often both. > PS I want to remove it because I suppose that in case clamav blesses > users' life and not server's - by removing clamav I can close one > potential security whole. Yes, you do close a potential source security holes, but you will be doing so at the expense of your users' safety. At that point, you might as well drop any content filter like amavisd-new and spamassassin (which would also be a potential source of security holes), and use just plain postfix. You will have a lightning fast MTA, that adds almost _no_ value to your users since it will forward tons of spam and malware to their inboxes... -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
