SA + Clamv

[Luis Daniel Lucio Quiroz <lu...@gmail.com>]

Is there any direct way to make SA and clamav talk thour it clam.socke file?

I want to avoid amavis or mailscanner

:)

RE: SA + Clamv

[RobertH <ro...@abbacomm.net>]

 

> 
> Is there any direct way to make SA and clamav talk thour it 
> clam.socke file?
> 
> I want to avoid amavis or mailscanner
> 
> :)
> 

luis

and also, dont forget to program to use the other clamav signatures that are
out there.

dont forget to score the clamav plugin rule high and "smtp reject"

 - rh

Re: SA + Clamv

[Luis Daniel Lucio Quiroz <lu...@gmail.com>]

http://wiki.apache.org/spamassassin/ClamAVPlugin

I got it, thanks any way.

:D
On Tuesday 16 December 2008 14:38:52 mouss wrote:
> Luis Daniel Lucio Quiroz a écrit :
> > Is there any direct way to make SA and clamav talk thour it clam.socke
> > file?
>
> there's a clamav plugin for SA.
>
> > I want to avoid amavis or mailscanner
>
> why not use clamsmtpd?
> you could also use a milter.

Re: SA + Clamv

[mouss <mo...@netoyen.net>]

Luis Daniel Lucio Quiroz a écrit :
> Is there any direct way to make SA and clamav talk thour it clam.socke file?
> 

there's a clamav plugin for SA.

> I want to avoid amavis or mailscanner

why not use clamsmtpd?
you could also use a milter.

Re: SA + Clamv

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

On 17.12.08 15:00, Luis Daniel Lucio Quiroz wrote:
> I think because it is not binary code, it is slower and use more memory,
> just that.

I think that sa-compile could help you with that (and even with speed of
processing rules)
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

Re: SA + Clamv

[Luis Daniel Lucio Quiroz <lu...@gmail.com>]

No, I love perl,       

I think because it is not binary code, it is slower and use more memory, just 
that.


On Wednesday 17 December 2008 14:22:20 mouss wrote:
> Luis Daniel Lucio Quiroz a écrit :
> > Hey Robert
> >
> > I know, amavis is the best antispam machine for SA+Clamv, but I have a
> > little box, 256MB or ram and no swap (dont ask why).  There for, because
> > amavis is running under perl, it use alot of memory and then I'm having
> > pipe errors.
>
> if you think perl is bad because it's perl, then you're on the wrong
> list ;-p
>
> > I've found how to use SA+CLAM+Postfix without Amavis.
>
> and can you tell us how you do that?
>
> don' tell me you are fork/exec-ing scripts...
>
> > However, just for
> > informative reasons I'll explain you why I wont use milters.
> >
> > Because postfix arch. email flux is like this:
> > -> pre-queue filtering -> postfix filtering (queue) -> post-queue
> > filtering ->
>
> postfix provides:
> - smtpd access restrictions (before queue)
> - (simple) header/body checks (before queue)
> - milters (depends on what the milter does)
> - proxy filters ("proxy mode")
> - content filter ("after queue" filter)
>
> ideally, an ideal combination is ideal. but which combination is ideal
> depends on the situation. in any case, tuning without measurement is
> always wrong.
>
> > This suggest that all email is got first by pre -queue filtering.  This
> > is not useful for heavy-load boxes because if you set this SA as a milter
> > (postfix only supports milters in pre-queue) then SA will get 100% of
> > load.
>
> "This" is wrong.
>
> > I rather prefer to set it in post-queue (i got using pipe at master.cf)
>
> I also prefer post-queue, but for different reasons.
>
> > because, postfilx filtering (such as helo restriction, fqdn restrictions,
> > client restrictions, including rbl - but i'll use this in SA-) could be
> > applied first and then SA only will get 60% of all mails.  In many
> > installations I've set, I stop much spam using helo-fqdn restriction
> > therefore SA and hole machine have a low load.  Postfix basic filtering
> > it is much faster and cheaper than SA's.
>
> you have much (unjustified) "prejugés"... if you only check IPs, then a
> basic IP filter is the best you can do. but if you want more, then you
> need more...
>
> if you want a minimum overhead specialized MTA, then no available open
> source MTA will do. and no "generic" OS will do. but the advantages of
> "generic" solutions (OSes or servers) generally outweight the costs.

Re: SA + Clamv

[mouss <mo...@netoyen.net>]

Luis Daniel Lucio Quiroz a écrit :
> Hey Robert
> 
> I know, amavis is the best antispam machine for SA+Clamv, but I have a little 
> box, 256MB or ram and no swap (dont ask why).  There for, because amavis is 
> running under perl, it use alot of memory and then I'm having pipe errors.
> 

if you think perl is bad because it's perl, then you're on the wrong
list ;-p


> I've found how to use SA+CLAM+Postfix without Amavis. 

and can you tell us how you do that?

don' tell me you are fork/exec-ing scripts...


> However, just for 
> informative reasons I'll explain you why I wont use milters.
> 
> Because postfix arch. email flux is like this:
> -> pre-queue filtering -> postfix filtering (queue) -> post-queue filtering ->

postfix provides:
- smtpd access restrictions (before queue)
- (simple) header/body checks (before queue)
- milters (depends on what the milter does)
- proxy filters ("proxy mode")
- content filter ("after queue" filter)

ideally, an ideal combination is ideal. but which combination is ideal
depends on the situation. in any case, tuning without measurement is
always wrong.


> 
> This suggest that all email is got first by pre -queue filtering.  This is not 
> useful for heavy-load boxes because if you set this SA as a milter (postfix 
> only supports milters in pre-queue) then SA will get 100% of load.
> 

"This" is wrong.


> I rather prefer to set it in post-queue (i got using pipe at master.cf) 

I also prefer post-queue, but for different reasons.

> because, postfilx filtering (such as helo restriction, fqdn restrictions, 
> client restrictions, including rbl - but i'll use this in SA-) could be 
> applied first and then SA only will get 60% of all mails.  In many 
> installations I've set, I stop much spam using helo-fqdn restriction therefore 
> SA and hole machine have a low load.  Postfix basic filtering it is much 
> faster and cheaper than SA's.

you have much (unjustified) "prejugés"... if you only check IPs, then a
basic IP filter is the best you can do. but if you want more, then you
need more...

if you want a minimum overhead specialized MTA, then no available open
source MTA will do. and no "generic" OS will do. but the advantages of
"generic" solutions (OSes or servers) generally outweight the costs.

Re: SA + Clamv

[Robert Schetterer <ro...@schetterer.org>]

Luis Daniel Lucio Quiroz schrieb:
> Hey Robert
> 
> I know, amavis is the best antispam machine for SA+Clamv, but I have a little 
> box, 256MB or ram and no swap (dont ask why).  There for, because amavis is 
> running under perl, it use alot of memory and then I'm having pipe errors.
> 
> I've found how to use SA+CLAM+Postfix without Amavis.  However, just for 
> informative reasons I'll explain you why I wont use milters.
> 
> Because postfix arch. email flux is like this:
> -> pre-queue filtering -> postfix filtering (queue) -> post-queue filtering ->
> 
> This suggest that all email is got first by pre -queue filtering.  This is not 
> useful for heavy-load boxes because if you set this SA as a milter (postfix 
> only supports milters in pre-queue) then SA will get 100% of load.

true in general, but  if you have 256MB you wont use this for
heavy load boxes, and i found its generally to small mem for spamassasin

> 
> I rather prefer to set it in post-queue (i got using pipe at master.cf) 
> because, postfilx filtering (such as helo restriction, fqdn restrictions, 
> client restrictions, including rbl - but i'll use this in SA-) could be 
> applied first and then SA only will get 60% of all mails.  In many 
> installations I've set, I stop much spam using helo-fqdn restriction therefore 
> SA and hole machine have a low load.  Postfix basic filtering it is much 
> faster and cheaper than SA's.

true too,
but i have several milters on heavy weight boxes and no problem with it
and there are milter for rbls/helo check etc too ( which i didnt tested
), in my mind there is only one danger that might apear , if some milter
checks takes longer then a client wants to stay connect, but this is
mostly a problem of bot clients not of real mailservers
so special with spamass you might use timeout options in spamass-milter
and in spamd for i.e with network test, but there is on big
feature, you can use rejecting spam by defined spam level ( also from
sasl users ) before it can be delivered in on smtp level,
same works with clamav-milter , rejecting virus on income smtp level
is very sexy, i think, so perhaps this overides the cheap factor
of pure postfix rejects,
so you might use clamav-milter and if you dont need seperated users_pref
you can use spampd ( i use this on backup mx servers )
which is perl and after queue, but not complex as amavis

but no need to flame , i only can tell about my reality
which shows best results with clamav-milter, spamass-milter, dkim-milter
of course i am using other postfix restrictions massivly too
after all milter is a sendmail code i believe related to the quality and
mech of the code of used milters it safe too use them, if i ever
would have load problems i simply would use backup mx, or load balancing
, better hardware etc

> 
> 
> :-D
> 
> On Tuesday 16 December 2008 18:26:09 Robert Schetterer wrote:
>> Luis Daniel Lucio Quiroz schrieb:
>>> Is there any direct way to make SA and clamav talk thour it clam.socke
>>> file?
>>>
>>> I want to avoid amavis or mailscanner
>>>
>>> :)
>> Hi,
>> i use clamav-milter and spamass-milter with postfix
>> 2.5.5 without any Problems
>> this does the urgent jobs af spam and virus filtering
>> but amavis has much more functions then this
> 
> 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: SA + Clamv

[Luis Daniel Lucio Quiroz <lu...@gmail.com>]

Hey Robert

I know, amavis is the best antispam machine for SA+Clamv, but I have a little 
box, 256MB or ram and no swap (dont ask why).  There for, because amavis is 
running under perl, it use alot of memory and then I'm having pipe errors.

I've found how to use SA+CLAM+Postfix without Amavis.  However, just for 
informative reasons I'll explain you why I wont use milters.

Because postfix arch. email flux is like this:
-> pre-queue filtering -> postfix filtering (queue) -> post-queue filtering ->

This suggest that all email is got first by pre -queue filtering.  This is not 
useful for heavy-load boxes because if you set this SA as a milter (postfix 
only supports milters in pre-queue) then SA will get 100% of load.

I rather prefer to set it in post-queue (i got using pipe at master.cf) 
because, postfilx filtering (such as helo restriction, fqdn restrictions, 
client restrictions, including rbl - but i'll use this in SA-) could be 
applied first and then SA only will get 60% of all mails.  In many 
installations I've set, I stop much spam using helo-fqdn restriction therefore 
SA and hole machine have a low load.  Postfix basic filtering it is much 
faster and cheaper than SA's.


:-D

On Tuesday 16 December 2008 18:26:09 Robert Schetterer wrote:
> Luis Daniel Lucio Quiroz schrieb:
> > Is there any direct way to make SA and clamav talk thour it clam.socke
> > file?
> >
> > I want to avoid amavis or mailscanner
> >
> > :)
>
> Hi,
> i use clamav-milter and spamass-milter with postfix
> 2.5.5 without any Problems
> this does the urgent jobs af spam and virus filtering
> but amavis has much more functions then this

Re: SA + Clamv

[Robert Schetterer <ro...@schetterer.org>]

Luis Daniel Lucio Quiroz schrieb:
> Is there any direct way to make SA and clamav talk thour it clam.socke file?
> 
> I want to avoid amavis or mailscanner
> 
> :)
Hi,
i use clamav-milter and spamass-milter with postfix
2.5.5 without any Problems
this does the urgent jobs af spam and virus filtering
but amavis has much more functions then this

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria