Date:      Thu, 25 Sep 2003 01:25:38 -0700
From:      Pat Lashley <patl+freebsd@volant.org>
To:        Armand Passelac <apasselac@free.fr>, srenna@vdbmusic.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: antiviruos for FreeBSD mail server ?
Message-ID:  <2656586224.1064478338@mccaffrey.phoenix.volant.org>
In-Reply-To: <20030925073912.GA33334@freebie.freebsd.org>
References:  <20030922120852.GA18081@freebie.freebsd.org> <20030925073912.GA33334@freebie.freebsd.org>

--On Thursday, September 25, 2003 09:39:12 +0200 Armand Passelac 
<apasselac@free.fr> wrote:

> [---- On Wed, 24 Sep, 2003 at 15:58, srenna@vdbmusic.com wrote: ----]
>> What do you think of Clam so far?
>> I'm interested in checking something out
>
> It's a good and free product.
> It seems to work well.
>
> But it's only a detection program. On the contrary, some other programs
> like Sophos, Trend Micro, ... allow you to clean/put in quarantine/notify/

If your MTA is Exim, with the ExiScan-ACL patches (installed by
default by the FreeBSD port), then the ACL statement that passes
the message to clamav can choose to quarantine/notify/etc.  You
can even choose to return an error condition to the sending MTA
but really keep/deliver/quarantine a copy of the message.  (One
of the nice things about Exim and ExiScan-ACL is that you can
run the filters, and various other built-in tests, and reject the
message while the SMTP session is still open.  So you don't wind
up queuing bounces to forged from addresses.)

I'm not sure whether it can be set to just remove/replace the
offending attachment.  (I just reject any message that clamav
says has a virus.  But since I also use the ExiScan-ACL code
to reject any message with a dangerous attachment(*), very few
viruses manage to make it to the clamav check.)

(*) In this case dangerous is defined as having one of the file
extensions that Microsoft has identified as 'dangerous' and
recommends blocking: scr, vbs, bat, lnk, pif, adt, adp, bas, chm,
cmd, com, cpl, crt, exe, hlp, hta, inf, ins, isp, js, jse, mdb,
mde, msc, msi, msp, mst, pcd, reg, sct, shs, shb, url, vb, vbe,
wsc, wsf, wsh



-Pat
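
The extension policy described in this message, written out as an added Python example (it is not Exim or ExiScan-ACL configuration and not code from this thread). The function names, the reply strings and the sample message are assumptions constructed for illustration; only the extension list comes from the message.

```python
import email
from email import policy

# Extensions copied from the list in the message above.
BLOCKED = frozenset(
    "scr vbs bat lnk pif adt adp bas chm cmd com cpl crt exe hlp hta inf ins "
    "isp js jse mdb mde msc msi msp mst pcd reg sct shs shb url vb vbe wsc "
    "wsf wsh".split())

# Constructed sample message: one blocked and one harmless attachment.
SAMPLE = (
    b"From: a@example.org\r\nTo: b@example.org\r\nSubject: constructed\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="invoice.pdf.SCR"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n"
    b"--b1\r\nContent-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n\r\nok\r\n'
    b"--b1--\r\n")

def blocked_attachments(raw):
    """Return the attachment filenames whose final extension is blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition "filename" first, then
        # falls back to Content-Type "name", and decodes RFC 2231 values.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "run.exe." runs as .exe.
        cleaned = name.strip().rstrip(". ")
        # Only the last extension counts: "invoice.pdf.SCR" is an .scr file.
        ext = cleaned.rpartition(".")[2].lower() if "." in cleaned else ""
        if ext in BLOCKED:
            hits.append(name)
    return hits

def smtp_verdict(raw):
    """Reply to give while the SMTP session is still open (hypothetical text)."""
    hits = blocked_attachments(raw)
    if hits:
        return "550 Blocked attachment type: " + ", ".join(hits)
    return "250 OK"

if __name__ == "__main__":
    print(smtp_verdict(SAMPLE))
```
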


