On 18.03.2015 at 10:30, Anthony Cartmell wrote:
>> reverse the order in "smtpd_milters" but keep in mind that a well trained SA rejects much more mails than clamav and while clamav needs less resources you by-pass the whole virus scanner that way
>
> MailScanner used to scan in that order too, SA then AV. However with the introduction of third-party ClamAV signature databases that match with things other than malware, the order was changed. Now the initial scanning is done with clamd (with third party signatures such as those collected by SaneSecurity[1]) first, and then SA second. This allows SA to score messages based on report headers added by the ClamAV virus(/spam/scam/phishing) scanner, making a very flexible tool.
>
> [1] http://sanesecurity.com/usage/signatures/

no, we have per day 300 SA rejects and had 20 clamav hits before changing the order, now the SA reject-count is not much different and only 5 clamav hits per day

for me that means SA takes 15 out of the 20 malware mails and 275 messages that previously went through both milters are now rejected by the first

/bin/ls -1 /var/lib/clamav/
blurl.ndb
bofhland_cracked_URL.ndb
bofhland_malware_attach.hdb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
bytecode.cvd
crdfam.clamav.hdb
daily.cld
foxhole_all.cdb
foxhole_filename.cdb
foxhole_generic.cdb
junk.ndb
jurlbla.ndb
jurlbl.ndb
lott.ndb
main.cvd
malwarehash.hsb
mirrors.dat
phish.ndb
phishtank.ndb
rogue.hdb
sanesecurity.ftm
scamnailer.ndb
scam.ndb
sigwhitelist.ign2
spamattach.hdb
spamimg.hdb
spam.ldb
spearl.ndb
spear.ndb
winnow.attachments.hdb
winnow_bad_cw.hdb
winnow_extended_malware.hdb
winnow_malware.hdb
winnow_malware_links.ndb
winnow_phish_complete_url.ndb
winnow_spam_complete.ndb