On Sun, May 03, 2009 at 06:47:21PM -0400, Adam Katz wrote:
> 
> I am under the impression that virus checking is *not* that much easier
> than a fully-loaded SA implementation, so therefore spam detection
> should run first.  Counter-point:  online lookups cost bandwidth and
> latency, virus detection doesn't (yet) require any.
> 
> Pause.  Constructive comments and criticisms?

Take into account 3rd party signatures (sanesecurity etc) which are very
effective. These days I see ClamAV as just "another SA rule". It's not that
expensive to run, so why force a choice? If your server can't handle both,
you are in trouble anyway.

> Mail that passes SpamAssassin but gets caught by ClamAV would add value
> to SA's Bayesian and AWL databases and thus the message stands a chance
> at getting caught in the future regardless of its viral content.

Yep. Personally I use amavisd-new which offers a way to do this and is (imho)
a bit more robust and flexible way to implement it.

> To best take advantage of that system while not compromising the
> short-circuiting, SA's ClamAV plugin should be configured to run at the
> very end of the scan and should be skipped for any message scoring high
> enough to hit autolearn (which should be higher than the SMTP rejection
> threshold).  As I can't figure out how to do this, I run it separately.

I don't think there is any other way than checking $pms->get_score() inside
the plugin. (I peeked at how fuzzyocr does it)

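A sketch of the approach discussed in this thread, added here as an example and not code from either poster, FuzzyOcr or the SpamAssassin project: a plugin whose eval rule runs late and skips the clamd scan once `$pms->get_score()` has reached the autolearn threshold. The package name `ClamAVLate`, the rule name `CLAMAV_LATE`, the socket path, the score and the use of `File::Scan::ClamAV` are assumptions.

```perl
package ClamAVLate;    # hypothetical plugin name
use strict;
use warnings;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);

# Assumed clamd socket path; adjust to the local clamd.conf.
my $CLAMD_SOCK = '/var/run/clamav/clamd.ctl';

# Assumed local.cf wiring (rule name and score are illustrative):
#   loadplugin ClamAVLate /etc/mail/spamassassin/ClamAVLate.pm
#   full     CLAMAV_LATE eval:check_clamav_late()
#   priority CLAMAV_LATE 9999    # higher priority values run later
#   score    CLAMAV_LATE 10

sub new {
    my ($class, $mailsa) = @_;
    $class = ref($class) || $class;
    my $self = $class->SUPER::new($mailsa);
    bless($self, $class);
    $self->register_eval_rule('check_clamav_late');
    return $self;
}

sub check_clamav_late {
    my ($self, $pms, $fulltext) = @_;

    # Running total of the rules that have fired so far. This is not the
    # separately computed autolearn score, only an approximation of it.
    my $score = $pms->get_score();
    my $limit = $pms->{conf}->{bayes_auto_learn_threshold_spam};

    # Already spammy enough to be autolearned: skip the virus scan.
    return 0 if defined $limit && $score >= $limit;

    my $clamav = File::Scan::ClamAV->new(port => $CLAMD_SOCK);
    my ($code, $virus) = $clamav->streamscan(${$fulltext});

    if (!$code) {    # clamd unreachable or scan error: do not flag the message
        $pms->set_tag('CLAMAVRESULT', 'Error (' . $clamav->errstr() . ')');
        return 0;
    }
    if ($code eq 'FOUND') {
        $pms->set_tag('CLAMAVRESULT', "Yes ($virus)");
        return 1;
    }
    $pms->set_tag('CLAMAVRESULT', 'No');
    return 0;
}

1;
```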