clamav-users August 2008 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] simplest replacement for ancien

Re: [Clamav-users] simplest replacement for ancient amavis-perl

From: G.W. Haywood <ged_at_nospam>
Date: Sat Aug 09 2008 - 12:41:27 GMT

Hi all,

On Sat, 9 Aug 2008 wrote:

> all kinds of different takes on it :)

FWIW, as you know by now I'm in the 'let them know there's a problem' camp. But, well, it was just a suggestion. It was interesting so see the response to my post, obviously there are some strong feelings. Yes we do very occasionally see hundreds of thousands of backscatter mail messages. No, it isn't an embarrassment, our automatic defences will quickly shut them down, and I don't feel I want to kill the messenger.

To take this one stage further, I think simply using ClamAV to block all your spam might be too simplistic; it's possible to deal with the vast majority of junk relatively painlessly, and leave ClamAV and such resource-intensive processes to deal with the rest. We generally use seven different milters. They log their actions, and a couple of Perl scripts scan the logs for various patterns of activity. The scripts will write firewall rules when the activity triggers some criterion, and hey presto no more crap from that particular source. It might be argued (I expect it probably will...:) that this is yet another source of backscatter, but I really don't see how I can be expected to run a mailserver just so that people can send spam to it without causing any inconvenience for anyone else. It's garbage. I don't want it. Period.

On the point about accepting and then rejecting, no, you misunderstand the SMTP conversation. It is perfectly possible to read an entire mail message and yet still reject it. That's in part what ClamAV is about - you can't know if there's a nasty payload unless you've read it. Then you have to decide what to do about it.

Let's all try to remember that the villains in the piece are the criminals. They make all this wasted effort necessary. If there are problems, by and large it's the criminals that cause them. Perhaps you might include incompetent, careless, witless and, if you wish, uncompromising computer operators, but they're not the root cause. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit