From owner-freebsd-questions@FreeBSD.ORG Thu Sep 25 01:25:51 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7819A16A4B3 for ; Thu, 25 Sep 2003 01:25:51 -0700 (PDT) Received: from smtp.volant.org (gate.volant.org [207.111.218.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BDC54402A for ; Thu, 25 Sep 2003 01:25:50 -0700 (PDT) (envelope-from patl+freebsd@volant.org) Received: from 64-144-229-193.client.dsl.net ([64.144.229.193] helo=[192.168.0.13]) by smtp.volant.org with asmtp (TLSv1:AES256-SHA:256) (Exim 4.22) id 1A2RRV-00030k-29; Thu, 25 Sep 2003 01:25:41 -0700 Date: Thu, 25 Sep 2003 01:25:38 -0700 From: Pat Lashley To: Armand Passelac , srenna@vdbmusic.com Message-ID: <2656586224.1064478338@mccaffrey.phoenix.volant.org> In-Reply-To: <20030925073912.GA33334@freebie.freebsd.org> References: <20030922120852.GA18081@freebie.freebsd.org> <20030925073912.GA33334@freebie.freebsd.org> X-Mailer: Mulberry/3.1.0b6 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scan-Signature: e6c1780062c416f5efceb6b2fd9e108671e0fcb9 X-Spam-Score: -1.1 (-) X-Spam-Score-Int: -11 X-Spam-Report: -1.1/5.0 This mail has matched the spam-filter tests listed below. See http://spamassassin.org/tag/ for details about the specific tests reported. In general, the higher the number of total points, the more likely that it actually is spam. (The 'required' number of points listed below is the arbitrary number above which the message is normally considered spam.) Content analysis details: (-1.10 points total, 5 required)header IN_REP_TO (-0.5 points) Has a In-Reply-To header quoted email text REPLY_WITH_QUOTES (-0.5 points) Reply with quoted text AWL (0.9 points) AWL: Auto-whitelist adjustment cc: Dan Pelleg cc: freebsd-questions@freebsd.org Subject: Re: antiviruos for FreeBSD mail server ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2003 08:25:51 -0000 --On Thursday, September 25, 2003 09:39:12 +0200 Armand Passelac wrote: > [---- On Wed, 24 Sep, 2003 at 15:58, srenna@vdbmusic.com wrote: ----] >> What do you think of Clam so far? >> I'm interested in checking something out > > It's a good and free product. > It seems to work well. > > But it's only a detect program. On the contrary some of other programs > like sophos,trend micro, ... allow you to clean/put in quarantine/notify/ If your MTA is Exim, with the ExiScan-ACL patches (installed by default by the FreeBSD port); then the ACL statement that passes the message to clamav can choose to quarantine/notify/etc. You can even choose to return an error condition to the sending MTA but really keep/deliver/quarantine a copy of the message. (One of the nice things about Exim and ExiScan-ACL is that you can run the filters, and various other built-in tests, and reject the message while the SMTP session is still open. So you don't wind up queuing bounces to forged from addresses.) I'm not sure whether it can be set to just remove/replace the offending attachment. (I just reject any message that clamav says has a virus. But since I also use the ExiScan-ACL code to reject any message with a dangerous attachment(*); very few viri manage to make it to the clamav check.) (*) In this case dangerous is defined as having one of the file extensions that Microsoft has identified as 'dangerous' and recommends blocking: scr, vbs, bat, lnk, pif, adt, adp, bas, chm, cmd, com, cpl, crt, exe, hlp, hta, inf, ins, isp, js, jse, mdb, mde, msc, msi, msp, mst, pcd, reg, sct, shs, shb, url, vb, vbe, wsc, wsf, wsh -Pat