On Feb 12, 2004, at 9:45 AM, Bill Shupp wrote:
My recommendation is to use the qmail-scanner/clamav solution rather than this virus patch. Netqmail already comes with the qmailqueue patch, which is required for qmail-scanner to work. And clamav already had MyDoom added to its virus definitions before MyDoom had a name (that's why they called it WORM.SCO.A (meaning the clamav guys are very much on the ball). Since using this solution, I have not had a complaint of a single virus getting through.
And I highly recommend Qscanq, <http://budney.homeunix.net:8080/users/budney/software/qscanq/>, as a replacement for qmail-scanner. It's a C-based program that replaces qmail-queue and does virus scanning on inbound messages. If a message contains a virus, it's denied by qmail-smtpd. No bounces to forged senders, no virus warnings to annoy the recipient, no bounces for non-existent recipients, no spam scanning of viruses, no Perl overhead of qmail-scanner.
Tom, this is great, thanks for mentioning it. It doesn't appear to use TNEF for unpacking such encoded emails.. have you found this to be a detriment? Or have I missed something?
Also, qmail-scanner has a nice mechanism for specifying your own quarantine-attachments via the tab delimited text file. This is great for blocking all attachments with specific suffixes, like .vbs or .scr. Is there any equivalent for qscanq?
I use it in conjunction with qmail-spamc (in SpamAssassin's qmail directory) to scan all incoming messages for viruses and spam without invoking Perl. At some point, I will probably replace qmail-spamc with Ken Jones' patch for vpopmail that adds SpamAssassin scanning to vdelivermail.
And I assume qmail-spamc will also reject mail at the smtpd level?
Lastly, I could not quickly find Ken's patch. Do you have a link for it?
I personally stopped running spamassassin site-wide, and use maildrop to call spamc on a per-user basis (with the help of qmailadmin's "detect spam" feature. In conjunction with webuserprefs (php interface for configuring spamassassin prefs), this works pretty well. The biggest issue is having so many control panels for mail: SquirrelMail's prefs, QmailAdmin, WebUserPrefs. But at least everything is now covered that I need.
Thanks!
Bill Shupp
