On Saturday 06 November 2004 01:00 pm, SA wrote:
> I have a question here.  Doesn't that require clamav to load the virus
> signatures each time?  If so, it would be pretty inefficient  and
> resource-hungry.  Wouldn't the combination of
> courier-maildrop/clamassassin and clamdscan be a lot faster since the
> clamd daemon keeps the virus.db loaded?

Well, yes, although this is true, your accuracy goes out the door. The problem
with clamd is that the built-in MIME parser is really bad, and it also does
not do a good job of unpacking attachments even if you have the flag set to
scan mail.

In my case I run a shell script that uses ripmime and then takes the parts and
scans them. My detection rate is about 2-3 times higher using this method
instead. I have tried different MIME extracting proggies (about 4 or 5, all I
could find at the time) and ripmime has by far the best MIME support of any
of them. Some of them were actually worse than the one built into clamav.

So in the end the choice is yours: better detection or more speed. In my case,
as well as for anybody who really cares about what gets through the server, you
really have to choose better security.

Now, if at some time in the future clamav starts using ripmime like they have
talked about, and if it does a better job of unpacking things, then of course
it would be better to use clamd.

-- 
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
                                      Brook Humphrey           
        Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107        
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]   
                                 Holiness unto the Lord
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
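
The approach described in the message above (unpack with ripmime, then scan the extracted parts) as an added example; it is not part of the original message and is not the poster's own script. The function name scan_message, the temp-directory prefix, and scanning the raw message alongside the parts are assumptions made here.

```shell
#!/bin/sh
# Added example: unpack a mail message with ripmime, then scan every
# extracted part with clamscan. Assumes ripmime and clamscan are on PATH.
# scan_message and the "mimescan" temp prefix are hypothetical names.

# scan_message FILE
# Returns 0 if clean, 1 if any part is flagged, 2 on any unpack or scan
# error, so a caller can fail closed (defer or quarantine) on 2.
scan_message() {
    msg_file="$1"
    [ -r "$msg_file" ] || return 2

    # Private work directory (mktemp -d creates it mode 0700).
    work_dir=$(mktemp -d "${TMPDIR:-/tmp}/mimescan.XXXXXX") || return 2

    # ripmime: -i input message, -d directory for the decoded parts.
    if ! ripmime -i "$msg_file" -d "$work_dir" >/dev/null 2>&1; then
        rm -rf "$work_dir"
        return 2
    fi

    # Assumption: also scan the raw message, so a message that yields no
    # parts is never reported clean just because the directory is empty.
    if ! cp "$msg_file" "$work_dir/raw-message"; then
        rm -rf "$work_dir"
        return 2
    fi

    # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    scan_rc=0
    clamscan --no-summary -r "$work_dir" >/dev/null 2>&1 || scan_rc=$?
    rm -rf "$work_dir"

    case "$scan_rc" in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# Usage from a delivery filter: scan_message /path/to/message; rc=$?
```
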
