Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)

To: debian-user@lists.debian.org
Subject: Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
From: Paul Johnson <baloo@ursine.ca>
Date: Wed, 8 Oct 2003 01:24:27 -0700
Message-id: <[🔎] 20031008082427.GE23103@ursine.ca>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200310072205.43010.kjetil@kjernsmo.net>
References: <[🔎] 20031007153153.761.qmail@web14708.mail.yahoo.com> <[🔎] 200310071348.24935.alfredo@bioinfo.cu> <[🔎] 200310072205.43010.kjetil@kjernsmo.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Oct 07, 2003 at 10:05:43PM +0200, Kjetil Kjernsmo wrote:
> Yeah, that's one option. I considered it, but the problem is, if you 
> feed the learner with tons of similar viruses, how good will it be to 
> kill spam...?

Bayesian filtering goes on what *you* consider spam, not the
traditional definition.

> Also, if you feed those to Vipul's Razor, what would it 
> mean for Razor....? 

Potentially, the virus infected messages get flagged as spam by razor,
which isn't neccisarilly a Bad Thing.

> I'm working on it right now, actually. I have just upgraded my mail 
> server to Exim4. I think I would recommend that to everyone. If you ask 
> for help on the Exim users list about Exim 3, people don't remember 
> what it was like running Exim 3 anymore, so you're quite lost... :-)

Which is really strange, since it's the same MTA, just different
layout of the configs which makes it easier to take advantage of the
more advanced features.

> What I've done is to install exim4-daemon-heavy and clamav-daemon, then 
> have a DATA ACL reject certain executables, then pass it to clamd if 
> that didn't do the trick. They are rejected in the SMTP dialogue, if I 
> got this right (somebody correct me if I'm wrong, ASAP :-) ), so the 
> bounce doesn't hit an innocent bystander.

I wouldn't reject arbitrarily on filenames but the rest sounds good.

> Before I run along to the sa-exim mailing list, has anybody here got it 
> working?

I've been curious on how to tie in virus scanning to sa-exim as well,
post it to this list if you figure it out.

- -- 
 .''`.     Paul Johnson <baloo@ursine.ca>
: :'  :    
`. `'`     proud Debian admin and user
  `-  Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/g8m7UzgNqloQMwcRAsRkAJ9vVB0bDk0uHFvEHs5XCJu0IsXIrwCgqC3+
BNaxJmQRi1MmAmthGgoDHOo=
=PREa
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
  - From: Steve Lamb <grey@dmiyu.org>

References:
- SWEN isn't slowing down
  - From: A P <ap1269@yahoo.com>
- Re: SWEN isn't slowing down
  - From: Alfredo Valles <alfredo@bioinfo.cu>
- Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
  - From: Kjetil Kjernsmo <kjetil@kjernsmo.net>

Prev by Date: static compilation; gethostbyname; running on other systems
Next by Date: Re: Exim4, Clamav, SA-Exim,
Previous by thread: Re: Exim4, Clamav, SA-Exim,
Next by thread: Re: Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
Index(es):
- Date
- Thread