Re: Does email server OS needs clamav?

To: Sthu Deus <sthu.deus@gmail.com>
Cc: debian-user@lists.debian.org
Subject: Re: Does email server OS needs clamav?
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sat, 5 Dec 2009 16:44:01 -0200
Message-id: <[🔎] 20091205184401.GA11161@khazad-dum.debian.net>
In-reply-to: <[🔎] 4b168a11.095c5e0a.45cc.ffffccbf@mx.google.com>
References: <[🔎] 4b168a11.095c5e0a.45cc.ffffccbf@mx.google.com>

On Wed, 02 Dec 2009, Sthu Deus wrote:
> Do I need clamav mail check on mail server - if I would leave it to

Clamav is fast (if you configure it right), and will let you reject a
truckload of dangerous artifacts before they hit the content filters, saving
on resources AND adding an extra layer of protection for the end users.

If you use amavisd-new to plug clamav to the MTA, and you configure
amavisd-new and clamav correctly so as to not lose mail on false positives,
you can also use the spam/malware signature databases in
www.sanesecurity.org, to aid spamassassin.  Clamav is an order of magnitude
faster than spamassassin for signature-based rules.

> their machines) - the every letter they get? - What does clamav protects:
> the email server or the end user (at its own machine)?

Depends on how you use it.  I don't know anyone who uses clamav to "protect
the server", you protect an Unix server by properly hardening it, the
falsehoods of the "file scanner industry" have not taken root on Unix land
yet.

But an AV like clamav in the mail path _does_ protect the end user, as the
artifacts will be stopped before they get close to the user.  Everyone I
know that deploy MTAs professionaly have either clamav or a commercial AV in
the mail path, and often both.

> PS I want to remove it because I suppose that in case clamav blesses
> users' life and not server's - by removing clamav I can close one
> potential security whole.

Yes, you do close a potential source security holes, but you will be doing
so at the expense of your users' safety.  At that point, you might as well
drop any content filter like amavisd-new and spamassassin (which would also
be a potential source of security holes), and use just plain postfix.  You
will have a lightning fast MTA, that adds almost _no_ value to your users
since it will forward tons of spam and malware to their inboxes...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Does email server OS needs clamav?
  - From: Sthu Deus <sthu.deus@gmail.com>

Prev by Date: Re: no sound on debian squeeze
Next by Date: Re: Does email server OS needs clamav?
Previous by thread: Re: Does email server OS needs clamav?
Next by thread: XBM support in PHP5-GD Lenny
Index(es):
- Date
- Thread