[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[3]: [vps-mail] Separate Mail Server

Subject: Re: Re[3]: [vps-mail] Separate Mail Server
From: Abigail Marshall <abigail@xxxxxxxxxxxx>
Date: Tue, 28 Sep 2004 10:49:53 -0700 (PDT)

--- Alvin Tan <alvintan@xxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> Sorry to bring up an old subject, but I'm wondering
> if someone clarify 
> something for me. My Vsnag works great, but is the
> Whitelist definitions in 
> procmailrc recognized by vsnag? 

Is your procmail whitelist run ahead of vsnag? The
FIRST thing that procmail should run is the whitelist;
whitelisted mail should not be processed by any of the
other recipes.

-Abigail


> @
> 
> At 05:52 PM 9/23/2004, you wrote:
> 
> > > How do you force procmail (and virussnag.rc) to
> run before ClamAV? I
> > > thought procmail was run just before the mail
> hits the mailbox and that's
> > > why it doesn't run on mail forwarded off the
> server to an external mailbox?
> >
> >I'm running Clamav FROM procmail - the procmail
> file looks
> >like this:
> >
> >VERBOSE=off
> >LOGABSTRACT=yes
> >COMSAT=no
> >LOGFILE=/var/log/procmail.log
> >
> ># Whitelist - Email that should get always get
> through:
> >:0 H:
> >* 1100^0 ^To:.*abuse@
> >* 1100^0 ^From:.*root@mydomain\.com
> >$DEFAULT
> >
> >#####################################
> ># Scan Mail for Viruses:
> >#####################################
> >
> >## My Custom Antivirus File:
> >INCLUDERC=/usr/local/etc/XVirus.rc
> >
> >## Virus Snaggers, ver. 1.6.1
> >## See
> http://www.spamless.us/pub/procmail/virussnag.rc
> >MYVIRUS = /var/mail/quarantine/virussnag
> >INCLUDERC=/usr/local/etc/virussnag.rc
> >
> >
> >## BEGIN ClamAV version 0.67-1
> >
> >TMPLOGFILE=$LOGFILE
> >TMPLOGABSTRACT=$LOGABSTRACT
> >TMPLOGABSTRACT=$LOGABSTRACT
> >TMPVERBOSE=$VERBOSE
> >
> >LOGFILE=/var/log/procmail.clamav
> >LOGABSTRACT=yes
> >VERBOSE=off
> >NL="
> >"
> >
> >:0
> >CLAMAV=|/usr/local/bin/clamscan --disable-summary
> --stdout --mbox -
> >
> >:0
> >* CLAMAV ?? .*: \/.* FOUND
> >{
> >   LOG="Possible virus ${MATCH}${NL}"
> >
> >   :0 fhw
> >   | formail -a"X-ClamAV: ${MATCH}"
> >}
> >
> >:0E fhw
> >| formail -a"X-ClamAV: clean"
> >
> >:0
> >* ^X-ClamAV: \/.*
> >* ! MATCH ?? ^^clean^^
> >
> >/dev/null
> >
> >LOGFILE=$TMPLOGFILE
> >LOGABSTRACT=$TMPLOGABSTRACT
> >VERBOSE=$TMPVERBOSE
> >
> >## END ClamAV version 0.67-1
> >
> >
> >++++++++
> >
> >I'd also recommend running ClamAV only for files
> larger than
> >a certain size (I just haven't gotten around to
> putting that
> >in my recipe - and since I haven't had load
> problems, it's
> >not that much of an issue for me). The largest
> files I see
> >being caught by ClamAV are about 75K, so you would
> probably
> >be very safe to have ClamAV invoked only for files
> less than
> >200K.
> >
> >I would note that my custom AV file automatically
> screens
> >out almost all executable attachments, and that can
> be done
> >by merely scanning the headers for the type of
> attachments,
> >which is very quick & minimal server load.
> >
> >-Abigail
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > > Andy
> >
> >
> > > At 05:27 PM 9/22/2004 -0700, you wrote:
> >
> > >> >> Are you suggesting that I not use ClamAV, or
> just implement it some 
> > other
> > >> >> way?
> > >>
> > >> > There is nothing inherently wrong with
> spawning extra processes--as long
> > >> > as your server has sufficient resources.
> Sendmail spawns a new process
> > >> > with every incoming e-mail (for example).
> > >>
> > >> > I am so dependent on ClamAV for snagging
> viruses that I would get a 
> > bigger
> > >> > server before even thinking about not using
> ClamAV.
> > >>
> > >>You can cut down somewhat on the ClamAV load by
> running some
> > >>simple procmail recipes ahead of ClamAV, that
> will screen
> > >>for some of the more common viruses or
> disallowed types of
> > >>attachments.  I also use the virussnag.rc script
> and run it
> > >>ahead of ClamAV.
> > >>
> > >>
> > >>-Abigail
> > >>
> > >>
> >
>
>>======================================================================
> > >>This is <vps-mail@xxxxxxxxxxxx>
> > >><http://www.perlcode.org/lists/>
> > >>Before posting a question, please search the
> archives (see above URL).
> > >>
> > >>
> > >>
> > >>---
> > >>Incoming mail is certified Virus Free.
> > >>Checked by AVG anti-virus system
> (http://www.grisoft.com).
> > >>Version: 6.0.768 / Virus Database: 515 - Release
> Date: 9/22/2004
> >
> > >
>
--------------------------------------------------------------------
> > > PROTEUS - new anti-spam, anti-virus solution
> > > www.proteus.lu
> >
> > > FOCUS Internet Services
> > > Domains, Design, Hosting, Custom Applications,
> E-Commerce
> > > 106 rue de Mersch, L-8181 KOPSTAL, Luxembourg
> > > tel. (+352) 305 197
> > > fax (+352) 305 188
> > > www.focus.lu
> >
>
>======================================================================
> >This is <vps-mail@xxxxxxxxxxxx>      
> <http://www.perlcode.org/lists/>
> >Before posting a question, please search the
> archives (see above URL).
> 
=== message truncated ===

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: Re[3]: [vps-mail] Separate Mail Server
  - From: Alvin Tan

References:
- Re[3]: [vps-mail] Separate Mail Server
  - From: Alvin Tan

Prev by Date: Re: [vps-mail] Packet filter
Next by Date: Re: Re[3]: [vps-mail] Separate Mail Server
Previous by thread: Re[3]: [vps-mail] Separate Mail Server
Next by thread: Re: Re[3]: [vps-mail] Separate Mail Server
Index(es):
- Date
- Thread

Main Index | Thread Index