From owner-freebsd-questions@FreeBSD.ORG Thu Jul 1 01:21:53 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B1A716A4CE for ; Thu, 1 Jul 2004 01:21:53 +0000 (GMT) Received: from et.endace.com (et.endace.com [219.88.101.154]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91C1943D39 for ; Thu, 1 Jul 2004 01:21:52 +0000 (GMT) (envelope-from richard@endace.com) Received: from muon.et.endace.com (muon.et.endace.com [192.168.64.11]) by et.endace.com (8.12.11/8.12.11) with ESMTP id i611Lp5T067210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Thu, 1 Jul 2004 13:21:51 +1200 (NZST) Received: from localhost (localhost [127.0.0.1]) (authenticated bits=0)i611M3Ls016138 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 1 Jul 2004 13:22:03 +1200 Date: Thu, 1 Jul 2004 13:22:03 +1200 From: Richard Stevenson To: Eric Crist In-Reply-To: <000901c45f05$17f0d1b0$6501a8c0@Nomad> Message-ID: References: <000901c45f05$17f0d1b0$6501a8c0@Nomad> Comments: PGP Public Key on keyservers: Key ID FA6D9719 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Scanned-By: milter-gris/0.3.18 (et.endace.com [192.168.64.254]); Thu, 01 Jul 2004 13:21:51 +1200 X-Scanned-By: milter-gris/0.3.18 (muon.et.endace.com [192.168.64.11]); Thu, 01 Jul 2004 13:22:03 +1200 X-Virus-Scanned: clamd / ClamAV version devel-20040611, clamav-milter version 0.72a on et.endace.com X-Virus-Scanned: clamd / ClamAV version devel-20040618, clamav-milter version 0.72a on muon.et.endace.com X-Virus-Status: Clean X-Virus-Status: Clean cc: freebsd-questions@freebsd.org Subject: Re: Milter and ClamAV X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jul 2004 01:21:53 -0000 On Wed, 30 Jun 2004, Eric Crist wrote: > I've just installed ClamAV with Milter support. I was wondering how I > would go about adding a signature at the bottom of outgoing mail to > indicate that it has been scanned? I wouldn't bother, for two reasons: 1. Clamav-milter adds a couple of X- headers to the message, saying it was scanned. This is what was in your message: X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72 on grog.secure-computing.net X-Virus-Status: Clean 2. I'm not aware of any general way to add a note to the bottom of any message, unless you ban all multipart messages and/or attachments from passing through your system. Your users/customers might complain about that ;) Personally, I think the idea of such a signature is just a "feel-good" thing and doesn't actually add anything other than a false sense of security. Depending on how often you update your virus DB files, and which virus it is, a message containing a virus may get through the scanning without detection. For example, I've got a copy of W32.Spybot.Worm sitting on my disk that clamav doesn't pick up, even though I submitted it to them when I first received a copy of it, several weeks ago. Norton/Symantec, Trend, and F-Prot all detect the virus and try to delete/quarantine the file. If you really want to go ahead and do this, read the clamav-milter manpage and look for --signature-file. Personally, I see no value in it. Regards Richard -- Richard Stevenson