[BlueOnyx:01051] Re: Clam AV

[Michael Stauber]

Hi Phil,

> Have a good read around the web but I did the following (according to my
> notes so it may not all be correct).
>
> First, I am no Linux Guru and probably never will be. I have used linux for
> about 2 years but still learning myself.

That's a nice guide. However, a few things come to mind here that should be 
taken into consideration:

Every 2-3 months there is a new version of Clam AV and SpamAssassin.

If you install from the sources, you have to repeat the respective steps 
whenever Clam AV or SpamAssassin update, or you get left behind and suffer 
from only partial protection.

A proper install of SpamAssassin requires many PERL modules which are either 
not available on YUM, or available only in outdated versions. Not having some 
of those Perl modules will build a less capable SpamAssassin.

Using SpamAssassin's file based AWL and Bayes (opposed to MySQL based AWL and 
Bayes) creates a tremendeous I/O traffic. Not using AWL or Bayes reduces 
SpamAssassin's effectiveness by around 30%. Not using DCC, Razor and Pyzor 
(which all need to be installed separately as well) chops off another 30% 
effectiveness.

MailScanner: Well, I don't know where to start on that. It's a bloody mess. 
Always has been and always will be. It's such a dirty and whackish and 
performance impairing hack that I'd rather tear my eyes out with a rusty spoon 
than to have it on any box. :p

Both Clam AV and SpamAssassin should be tied to Sendmail using Milters for 
best performance. That'll also allow you to reject (not bounce!) emails at the 
MTA level whenever SpamAssassin or Clam AV say that the email is bad. Can't do 
that with MailScanner, which can only bounce (bad idea!) or discard after the 
email has already been accepted.

But then again, I realize that having "some" protection against virii and SPAM 
is better than having none at all.

-- 
With best regards

Michael Stauber