[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim virus scanning and spam scanning

On Sun, 21 Dec 2003 at 10:09:38AM -0500, hanasaki wrote:
> whats the difference between amavis-ng and milter and amavisd-new?   are 
> some going away?  which one do you use for what? or clamscan directly? 
> how can virus scanning be added?  clamscan and spam Spam assassin seem 
> to be the norms from googling.  the configuration files to integrate 
> with exim are befuddling.
##Transport section
#####ADDED FOR MAVIS AV Scan#####

  driver = pipe
  command = "/usr/bin/amavis -f <${sender_address}> -d
  prefix =
  suffix =
  check_string =
  escape_string =
  return_output = false
  return_path_add = false
  user = amavis
  group = amavis
  path = "/bin:/sbin:/usr/bin:/usr/sbin"
  current_directory = "/var/spool/amavis-ng"

##Directors Section
#Put this first, ORDER MATTERS!

  condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}"
  driver = smartuser
  transport = amavis

> the plan is too hook a virus scanner into exim4 from sarge.  any 
> thoughts are appreciated.  A copy of someone's working exim4 config 
> would be great!
> how does one integrate the following with exim?  And which do you folks 
> recommend for what reasons?
> 		SPAM
> 	Spamassassin
> 	bogofilter

Defiantly bogofilter.  Bogofilter has the ability to learn and adjust to
new spam.  I would suggest you set up a set of bogofilter dbs for each
user since what each user considers spam is different.  Then you have
your users use IMAP and create a few mailboxes for them:

MisMarkedAsGood (runs bogofilter -Ns)
MisMarkedAsBad (runs bogofilter -Sn)
MarkGood (bogofilter -n)
MarkBad (bogofilter -s)

The last two mbox files are only used if you use tristate filtering
(Good, Bad, Unsure).

Then you run cron jobs like this in the user's crontab...

4  4  *  *  *   stripdaemonmail.pl ~/Mail/MisMarkedAsBad | bogofilter -Sn ; stripdaemonmail.pl ~/Mail/MisMarkedAsBad >> /var/mail/username ; rm ~/Mail/MisMarkedAsBad ; touch ~/Mail/MisMarkedAsBad
5  4  *  *  *   stripdaemonmail.pl ~/Mail/MisMarkedAsGood | bogofilter -Ns ; rm ~/Mail/MisMarkedAsGood ; touch ~/Mail/MisMarkedAsGood
6  4  *  *  *   stripdaemonmail.pl ~/Mail/MarkBad | bogofilter -s ; rm ~/Mail/MarkBad ; touch ~/Mail/MarkBad
7  4  *  *  *   stripdaemonmail.pl ~/Mail/MarkGood | bogofilter -n ; stripdaemonmail.pl ~/Mail/MarkGood >> /var/mail/username ; rm ~/Mail/MarkGood ; touch ~/Mail/MarkGood

stripmail.pl (attached) is a simple perl script that removes mbox emails that
are left by the imap daemon.  If you find a bug in the perl script I
would definitely appreciate it if you would let me know.  Even though it
is not "formally" documented the script should be considered GPL.

The user's .procmailrc (you are using procmail, yes?) can be configured like

---------start procmailrc--------
:0 f
| bogofilter -p -u -3 -l

* ^X-Bogosity: Yes

* ^X-Bogosity: Unsure
--------end procmailrc----------

After this users move items in "Junk" to MisMarkedAsBad if it is a good
email that ended up in the "Junk" folder.  Likewise they move mails that
are spam that ended up in the Inbox to "MisMarkedAsGood".
MarkGood/MarkBad are for emails that end up in the "Unsure" folder.

Hope this helps!

> 	amavis
> 	amavisd-new

No comment about amavis/amavisd-new.

> 	clamscans

This is not related to amavis.  Amavis is responsible for parsing the
MIME and saving them to files in /tmp.  Clamscan is then used to scan
the files placed in /tmp by amavis.  Clamscan has come a long way.  They
now have over 10,000 definitions.  However, you can use commercial av's
(like Sophis) with amavis if you wish.  Last I checked several months
ago Sophis has over 80,000 definitions.

Hope this helps.

Phillip Hofmeister

wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Excuse #137: Broadcast packets on wrong frequency 

Attachment: stripdaemonmail.pl
Description: Perl program

Reply to: