I absolutely agree. We need:
MailScanner (and supporting Perl modules) ClamAV
and as part of the spamassassin package (or as addons)
pyzor DCC Razor2
ClamAV and MailScanner were protecting us against the latest virus 6 hours before McAfee had their 4319 DAT files out.
Cheers,
Phil --------------------------------------------- Phil Randal Network Engineer Herefordshire Council Hereford, UK
-----Original Message----- From: fedora-test-list-admin@redhat.com [mailto:fedora-test-list-admin@redhat.com]On Behalf Of shrek-m@gmx.de Sent: 28 January 2004 11:05 To: fedora-test-list@redhat.com Subject: a Mail virus Scanner (was Re: test)
Dennis Gilmore wrote:
though it is a good indication that we need something like
mailscanner or
amavais in Fedora somewhere.
my experiences:
http://www.amavis.org/ i tried it ~2 years agoo, i wasn´t impressed and removed it.
http://mailscanner.info i tried it ~1/2 year agoo, i was impressed. easy to install, upgrade, configure, ...
./install.sh [no problems] # chkconfig sendmail off # service sendmail stop # chkconfig MailScanner on # service MailScanner start
# upgrade_MailScanner_conf
# rpm -q mailscanner mailscanner-4.26.5-1
# rpm -q --changelog mailscanner | grep redhat
- Fr Jul 19 2002 Richard Keech rkeech@redhat.com
# grep ^[a-zA-Z] /etc/MailScanner/MailScanner.conf [......]
eg.
# grep ^[a-zA-Z] /etc/MailScanner/MailScanner.conf | grep -i virus Virus Scanning = yes Virus Scanners = sophos Virus Scanner Timeout = 300 Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = yes Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Notify Senders Of Viruses = no Virus Modify Subject = yes Virus Subject Text = {Virus?} Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Virus Scanner Definitions = %etc-dir%/virus.scanners.conf
$ grep ^[a-zA-Z] /etc/MailScanner/MailScanner.conf | grep -i spam Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Spam Score Character = s SpamScore Number Instead Of Stars = no Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Spam Modify Subject = yes Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = yes High Scoring Spam Subject Text = {Spam?} Spam List Definitions = %etc-dir%/spam.lists.conf Spam Checks = yes Spam List = ORDB-RBL Infinite-Monkeys # MAPS-RBL+ costs money (except .ac.uk) Spam Domain List = Spam Lists To Reach High Score = 5 Spam List Timeout = 10 Max Spam List Timeouts = 7 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Use SpamAssassin = yes Max SpamAssassin Size = 90000 Required SpamAssassin Score = 5 High SpamAssassin Score = 20 SpamAssassin Auto Whitelist = no SpamAssassin Prefs File = %etc-dir%/spam.assassin.prefs.conf SpamAssassin Timeout = 40 Max SpamAssassin Timeouts = 20 Check SpamAssassin If On Spam List = yes Always Include SpamAssassin Report = yes Spam Score = yes Spam Actions = deliver High Scoring Spam Actions = deliver Non Spam Actions = deliver Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Log Spam = no Log Non Spam = no SpamAssassin User State Dir = SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = Debug SpamAssassin = no
-- shrek-m
-- fedora-test-list mailing list fedora-test-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-test-list
On Wed, 28 Jan 2004, Randal, Phil wrote:
I absolutely agree. We need:
MailScanner (and supporting Perl modules) ClamAV
MailScanner is a no-go. It's not safe and loses mail, at least with Postfix
amavisd-new, OTOH, works with all the MTAs in fedora.
later, chris
Once upon a time Thursday 29 January 2004 12:40 am, Chris Ricker wrote:
On Wed, 28 Jan 2004, Randal, Phil wrote:
I absolutely agree. We need:
MailScanner (and supporting Perl modules) ClamAV
MailScanner is a no-go. It's not safe and loses mail, at least with Postfix
amavisd-new, OTOH, works with all the MTAs in fedora.
later, chris
I use mailscanner with postfix and have not lost any mails. how exactly are you losing the mail?
Dennis
On Thu, 29 Jan 2004, Dennis Gilmore wrote:
MailScanner is a no-go. It's not safe and loses mail, at least with Postfix
amavisd-new, OTOH, works with all the MTAs in fedora.
later, chris
I use mailscanner with postfix and have not lost any mails. how exactly are you losing the mail?
I'm not, because I don't use it. How do you know you haven't lost mails, though? ;-)
At any rate, look through the postfix archives. Wietse rants periodically about how / why mailscanner isn't safe with Postfix. Earlier this month he posted a long list of how it would need to be re-architected to work safely....
later, chris
Chris Ricker wrote:
On Thu, 29 Jan 2004, Dennis Gilmore wrote:
MailScanner is a no-go. It's not safe and loses mail, at least with Postfix
than i *could* say "postfix is a no-go" because i had lost emails with postfix, but i don´t. i should mention that this happened on a system "without mailscanner"
amavisd-new, OTOH, works with all the MTAs in fedora.
amavisd-new or do you mean amavis, amavisd, amavis-ng ?
I use mailscanner with postfix and have not lost any mails. how exactly are you losing the mail?
I'm not, because I don't use it. How do you know you haven't lost mails, though? ;-)
you don´t use it but you know that this is the case? i am sure you have heard about all the bugs in fedora, is fedora a "no-go" too ?
at least for sendmail/mailscanner i can *assure* you that i have lost absolutely no mail.
for postfix: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml afair exists a patch for the last beta.
At any rate, look through the postfix archives. Wietse rants periodically about how / why mailscanner isn't safe with Postfix.
Earlier this month he posted a long list of how it would need to be re-architected to work safely....
for postfix or mailscanner ;-)
additional he could perhaps send this "long list" to "julian field"
On Wed, 28 Jan 2004, shrek-m@gmx.de wrote:
than i *could* say "postfix is a no-go" because i had lost emails with postfix, but i don´t. i should mention that this happened on a system "without mailscanner"
There's a difference between "possible to lose mail" and "guaranteed to lose mail". Postfix + mailscanner is the latter. Any MTA is the former.
amavisd-new, OTOH, works with all the MTAs in fedora.
amavisd-new or do you mean amavis, amavisd, amavis-ng ?
No, I meant amavisd-new. http://www.ijs.si/software/amavisd/
I'm not, because I don't use it. How do you know you haven't lost mails, though? ;-)
you don´t use it but you know that this is the case?
Yes.
at least for sendmail/mailscanner i can *assure* you that i have lost absolutely no mail.
sendmail / mailscanner != postfix/mailscanner
mailscanner is safe to use with sendmail, but not with postfix
for postfix: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml afair exists a patch for the last beta.
At any rate, look through the postfix archives. Wietse rants periodically about how / why mailscanner isn't safe with Postfix.
Earlier this month he posted a long list of how it would need to be re-architected to work safely....
for postfix or mailscanner ;-)
additional he could perhaps send this "long list" to "julian field"
mailscanner directly manipulates postfix queue files. This isn't supported on postfix, and will lose mail, and is explicitly advertised by the author of postfix as "do not do this unless you want to lose mail." mailscanner does it with postfix anyway, instead of using postfix's safe published interfaces (as things like amavisd-new do). Draw your own conclusions.
later, chris