Brent Kennedy wrote: > I use ClamAV and SA too. My understanding is that you do not want to > continue processing an email if it is already seen as a virus(saves > processing time by the spam server). Keep in mind that some users > also have their AV on another box. I also use the short circuit > plugin and a script to bump viruses to a central quarantine. > > I don't want the virus, even its noted as spam, sent on to the end > user. We actually send the spam to our users junk email folder after > its tagged. The exchange server reads the tag and redirects it. > BTW, clamAV also checks for phishing messages(did you know that?).
You mis-read my first section. By scanning for spam first (the more probable of the two), then REJECTING the message, the virus scan is not needed. An email is more likely to pass the virus filter than to pass the spam filter, which means the very processing time you're talking about saving is better saved with the other order. To do this, my SA implementation (spamass-milter for now) is configured to reject mail hitting 8.0 or more points. All mail processing stops when that is hit, just as all mail processing stops when clamav-milter detects a virus. > Off topic: I hate to say it, but the best method for killing spam > before it even enters is graylisting. We use it at our office and it > blocks 90% of spam. I also greylist and I also see a 90% block rate. Additionally, I find it useful to do an sa-grey-styled penalty (though not 1.0 points) to anything that was delayed. Yes, that's off-topic.
