Date: Thu, 1 Jul 2004 13:22:03 +1200 From: Richard Stevenson <richard@endace.com> To: Eric Crist <ecrist@secure-computing.net> Cc: freebsd-questions@freebsd.org Subject: Re: Milter and ClamAV Message-ID: <Pine.LNX.4.60.0407011306300.14450@zhba.rg.raqnpr.pbz> In-Reply-To: <000901c45f05$17f0d1b0$6501a8c0@Nomad> References: <000901c45f05$17f0d1b0$6501a8c0@Nomad>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Jun 2004, Eric Crist wrote:
> I've just installed ClamAV with Milter support. I was wondering how I
> would go about adding a signature at the bottom of outgoing mail to
> indicate that it has been scanned?
I wouldn't bother, for two reasons:
1. Clamav-milter adds a couple of X- headers to the message, saying it
was scanned. This is what was in your message:
X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72
on grog.secure-computing.net
X-Virus-Status: Clean
2. I'm not aware of any general way to add a note to the bottom of any
message, unless you ban all multipart messages and/or attachments from
passing through your system. Your users/customers might complain
about that ;)
Personally, I think the idea of such a signature is just a "feel-good"
thing and doesn't actually add anything other than a false sense of
security. Depending on how often you update your virus DB files, and
which virus it is, a message containing a virus may get through the
scanning without detection. For example, I've got a copy of
W32.Spybot.Worm sitting on my disk that clamav doesn't pick up, even
though I submitted it to them when I first received a copy of it, several
weeks ago. Norton/Symantec, Trend, and F-Prot all detect the virus and
try to delete/quarantine the file.
If you really want to go ahead and do this, read the clamav-milter manpage
and look for --signature-file. Personally, I see no value in it.
Regards
Richard
--
Richard Stevenson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.60.0407011306300.14450>