On 6/29/2015 11:47 PM, PGNd wrote:
>
>
> On Mon, Jun 29, 2015, at 09:32 PM, Noel Jones wrote:
>> I would certainly move clamav to pre-queue, so you can reject
>> unwanted mail. AV scanning is generally much faster than
>> full-content spam scanning, and this is certainly true with clamd
>> vs. spamassassin.
>
> The reason I've hesitated in moving clamav up front is that I understood that
> to a/v scan I'm accepting the entire message anyway, and, since SA was going
> to scan the same, accepted content, was avoiding additional unnecessary
> acceptance & processing.

An important distinction -- when you do scanning pre-queue, the
entire message is *transmitted* but not *accepted*. That's the
perfect opportunity to reject unwanted mail without breaking the
mail infrastructure.

>
> But the advice is noted.
>
>> And use the add-on antispam signatures from
>> sanesecurity.
>
> I'd thought I'd heard sanesecurity sigs had died off ... not that I've
> checked of late.

Still alive and very active. You're probably thinking of someone else.
http://sanesecurity.com
http://sanesecurity.com/usage/signatures/

I've found the "low" and "med" risk sigs to be safe and effective
for our use, with near-zero false positives. But that's a decision
for each site to make. It's also possible to use these results for
scoring in amavisd-new.

-- Noel Jones
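
The transmitted-versus-accepted distinction in the message above, as an added example that is not part of the original thread: a toy SMTP receiver that either scans at end-of-DATA (pre-queue) or queues first. `smtp_session`, `scan`, `build_session`, the signature string and the example hostnames are hypothetical names constructed for illustration; `scan` stands in for a real scanner such as clamd.

```python
# Added illustration, not code from the thread.
# SIGNATURE is a constructed marker; scan() stands in for a real AV verdict (e.g. clamd).
SIGNATURE = "X-CONSTRUCTED-TEST-SIGNATURE"

def scan(message):
    """Return True when the constructed signature is present."""
    return SIGNATURE in message

def smtp_session(client_lines, prequeue_scan=True):
    """Run client lines through a minimal SMTP receiver.

    Returns (replies, queue); queue holds only messages the server accepted,
    i.e. took delivery responsibility for.
    """
    replies, queue, body, in_data = ["220 mx.example ESMTP"], [], [], False
    for line in client_lines:
        if in_data:
            if line != ".":
                # Undo SMTP dot-stuffing on body lines.
                body.append(line[1:] if line.startswith(".") else line)
                continue
            in_data, message, body = False, "\n".join(body), []
            if prequeue_scan and scan(message):
                # Fully transmitted, but the end-of-DATA reply refuses it:
                # the sending client keeps responsibility, nothing is queued
                # and this server never has to generate a bounce.
                replies.append("554 5.7.1 Rejected: content matched a signature")
            else:
                queue.append(message)
                replies.append("250 2.0.0 Ok: queued")
        elif line.upper() == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif line.upper() == "QUIT":
            replies.append("221 2.0.0 Bye")
            break
        else:
            replies.append("250 2.0.0 Ok")  # EHLO, MAIL FROM, RCPT TO
    return replies, queue

def build_session(body_text):
    """Constructed client dialogue carrying body_text as the message body."""
    return ["EHLO client.example", "MAIL FROM:<a@sender.example>",
            "RCPT TO:<b@rcpt.example>", "DATA",
            "Subject: test", "", body_text, ".", "QUIT"]

if __name__ == "__main__":
    for mode in (True, False):
        replies, queue = smtp_session(build_session("hi " + SIGNATURE), mode)
        print("pre-queue" if mode else "post-queue", "->", replies[5], "| queued:", len(queue))
```

With `prequeue_scan=False` the same message gets `250 ... queued`, so any later scanner verdict has to be handled by discarding, quarantining or bouncing mail the server already owns.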