[BlueOnyx:01054] Re: Clam AV

Sun Apr 12 17:23:38 -05 2009

Its been interesting reading the details here both for and against 
different mail products and strategies. I thought I'd add my two cents 
into the debate.

I've been using CLAM/SpamAssassin/MailScanner for a long time now. Over 
that period, there have been some times when I've pulled my hair out 
more than once.... and I don't have enough to throw away. I agree with 
Michael's statements about MailScanner. It is a bloody mess. However, 
recent developments have (for me) made it more attractive. Yesterday, 
there was a new MailScanner release. The biggest change for me in the 
changelog was the following:

RPM builds changed so that no RPMs are "forced" into being installed on 
RedHat 5 or CentOS 5 systems.

I was in the process of working out how to "tame" the mailscanner perl 
modules that have caused me pain for so many years.... and then I read 
the above. I can finally start stitching my hair back in!

In addition to this new release, the points below are my reasons to use 
MailScanner....

1. I run a spamassassin milter in front of MailScanner to filter the 
crap that is unquestionably spam before forwarding up the processing 
tree. That largely deals with the CPU load. It also rejects much of the 
unwanted mail at the MTA level.
2. The stuff that gets passed the milter is analysed in more depth using 
features in MailScanner that are not normal available in SpamAssassin or 
ClamAV.
3. MailScanner combined with MailWatch provides an end-user quarantine 
facility. Self administration of mail issues when stuff gets blocked can 
be managed by my users directly.
4. Users can "train" bayes. In the MailWatch gui, users can tell the 
system that a mail was wrongly classified as spam, or vice versa. This 
helps over time to make it more accurate.

There's good reasons for and against many tools in the market... Which 
tools to use will long be debated. The one thing I will suggest: Doing 
it yourself is possible, but updates take lots of your time to manage. 
You've pulled your hair out doing it once. If you're going to stay on 
the do-it-yourself path, I suggest you start seeing a hair specialist 
because you're gonna need some treatment!

If you've been convinced about the error of your ways, have a look 
around for the commercial alternatives. It's easier to pay someone else 
to pull their hair out on your behalf!

--
+---------------------------------------------------------------------+
|   / \   Greg Kuhnert, gkuhnert at compassnetworks.com.au               |
| <  o  > Compass Networks - Pointing you in the right direction      |
|   \ /   Come see us for BlueQuartz / BlueOnyx modules & Support.    |
+---------------------------------------------------------------------+

Paul wrote:
>
> > Hi Phil,
>
> > > Have a good read around the web but I did the following (according to
>
> > > my notes so it may not all be correct).
>
> > >
>
> > > First, I am no Linux Guru and probably never will be. I have used
>
> > > linux for about 2 years but still learning myself.
>
> Thank you Phil you have been very helpful!
>
> > That's a nice guide. However, a few things come to mind here that 
> should be taken into consideration:
>
> > Every 2-3 months there is a new version of Clam AV and SpamAssassin.
>
> So if they are now linked through MailScanner, does it mean you cannot 
> Yum Update?
>
> > If you install from the sources, you have to repeat the respective 
> steps whenever Clam AV or SpamAssassin update, or you get left behind 
> and suffer from only partial
>
> > protection.
>
> > A proper install of SpamAssassin requires many PERL modules which 
> are either not available on YUM, or available only in outdated 
> versions. Not having some of those Perl
>
> > modules will build a less capable SpamAssassin.
>
> How do you know if you have the correct Perl modules?
>
> Of all the articles and forums I searched, I never came across 
> anything mentioning this caveat.
>
> > Using SpamAssassin's file based AWL and Bayes (opposed to MySQL 
> based AWL and
>
> > Bayes) creates a tremendeous I/O traffic. Not using AWL or Bayes 
> reduces SpamAssassin's effectiveness by around 30%. Not using DCC, 
> Razor and Pyzor (which all need to be
>
> > installed separately as well) chops off another 30% effectiveness.
>
> Would it be ok to install DCC, Razor and Pyzor after I have installed 
> MailScanner?
>
> > MailScanner: Well, I don't know where to start on that. It's a 
> bloody mess.
>
> > Always has been and always will be. It's such a dirty and whackish 
> and performance impairing hack that I'd rather tear my eyes out with a 
> rusty spoon than to have it on
>
> > any box. :p
>
> Hazel O’Connor wrote a song called “If Only!” which comes to mind.
>
> I spent all day yesterday installing ClamAV, Spamassassin, and then 
> MailScanner. God did it take some time and consideration! Days spent 
> researching over the net only to give myself a headache and every bit 
> of information different. I Had looked at MailScanner because it was 
> mentioned so much in the forums. Oh well at least I can say I have 
> learnt something this weekend.
>
> > Both Clam AV and SpamAssassin should be tied to Sendmail using 
> Milters for best performance. That'll also allow you to reject (not 
> bounce!) emails at the MTA level
>
> > whenever SpamAssassin or Clam AV say that the email is bad. Can't do 
> that with MailScanner, which can only bounce (bad idea!) or discard 
> after the email has already been
>
> > accepted.
>
> “If only” I had waited and seen this reply! I am now wondering if I 
> should just reformat and start again!
>
> > But then again, I realize that having "some" protection against 
> virii and SPAM is better than having none at all.
>
> True, so true! But a shame on society that we need it.
>
> So now I will go away into the corner and sulk!
>
> Please reply to;
>
> pcr1066 at gmail.com
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>   