Loading ...
Sorry, an error occurred while loading the content.
 

Re: clamd with clamsmtp vs mailscanner

Expand Messages
  • Noel Jones
    ... Neither. If you only want to do virus scanning, use the clamav-milter included with clamav. Mailscanner is not recommended for use with postfix.
    Message 1 of 11 , Jan 31, 2013
      On 1/31/2013 5:59 AM, Muhammad Yousuf Khan wrote:
      > i wanted to have an experienced suggestion from Pros. i have been
      > going through from different steps deploying clamav and spamassassin,
      > one is "mailscanner" and seccond one is "clamd with clamsmtp"
      > in your expert opinion which one is the right track to choose. like
      > which one is efficient in perspective of hardware utilization /
      > resources utilization , complexity and more appropriate approach
      > towards stable deployment.
      >
      > Thanks
      >


      Neither. If you only want to do virus scanning, use the
      clamav-milter included with clamav.

      Mailscanner is "not recommended" for use with postfix. clamsmtp is
      more complicated than using the bundled clamav-milter.

      clamav-milter integrates easily with postfix, is reliable, and has
      fewer third-party dependencies compared to the other choices.


      Also consider using the add-on Sanesecurity anti-spam signatures for
      clamav. I've found them to be quite useful with very low false
      positives.
      http://www.sanesecurity.com/



      -- Noel Jones
    • Muhammad Yousuf Khan
      ... since i am new and just trying to explore things so would you please share why not mailscanner? for my learning Thanks,
      Message 2 of 11 , Jan 31, 2013
        On Thu, Jan 31, 2013 at 5:33 PM, Noel Jones <njones@...> wrote:
        > On 1/31/2013 5:59 AM, Muhammad Yousuf Khan wrote:
        >> i wanted to have an experienced suggestion from Pros. i have been
        >> going through from different steps deploying clamav and spamassassin,
        >> one is "mailscanner" and seccond one is "clamd with clamsmtp"
        >> in your expert opinion which one is the right track to choose. like
        >> which one is efficient in perspective of hardware utilization /
        >> resources utilization , complexity and more appropriate approach
        >> towards stable deployment.
        >>
        >> Thanks
        >>
        >
        >
        > Neither. If you only want to do virus scanning, use the
        > clamav-milter included with clamav.
        >
        > Mailscanner is "not recommended" for use with postfix. clamsmtp is
        > more complicated than using the bundled clamav-milter.
        >
        since i am new and just trying to explore things so would you please
        share why not mailscanner? for my learning

        Thanks,




        > clamav-milter integrates easily with postfix, is reliable, and has
        > fewer third-party dependencies compared to the other choices.
        >
        >
        > Also consider using the add-on Sanesecurity anti-spam signatures for
        > clamav. I've found them to be quite useful with very low false
        > positives.
        > http://www.sanesecurity.com/
        >
        >
        >
        > -- Noel Jones
      • Noel Jones
        ... mailscanner manipulates the postfix queue in an unsafe manner, with a very real possibility of silently lost or truncated messages. This is unfortunate,
        Message 3 of 11 , Jan 31, 2013
          On 1/31/2013 7:21 AM, Muhammad Yousuf Khan wrote:
          >> Mailscanner is "not recommended" for use with postfix. clamsmtp is
          >> more complicated than using the bundled clamav-milter.
          >>
          > since i am new and just trying to explore things so would you please
          > share why not mailscanner? for my learning
          >

          mailscanner manipulates the postfix queue in an unsafe manner, with
          a very real possibility of silently lost or truncated messages.
          This is unfortunate, since mailscanner has an impressive feature set.

          From http://www.postfix.org/addon.html#content:

          "mailscanner system, works with Postfix and other MTAs. WARNING:
          This software uses unsupported methods to manipulate Postfix queue
          files directly. This will result in corruption or loss of mail. The
          mailscanner authors have sofar refused to discuss a proper access
          API or protocol".


          I'm sure there are lots of "works for me" reports. There are also
          documented cases of silent failure in the list archive.
        • Scott Kitterman
          ... What third party dependency does clamsmtp require that isn t also required by clamav-milter? Scott K
          Message 4 of 11 , Jan 31, 2013
            On Thursday, January 31, 2013 06:33:45 AM Noel Jones wrote:
            > On 1/31/2013 5:59 AM, Muhammad Yousuf Khan wrote:
            > > i wanted to have an experienced suggestion from Pros. i have been
            > > going through from different steps deploying clamav and spamassassin,
            > > one is "mailscanner" and seccond one is "clamd with clamsmtp"
            > > in your expert opinion which one is the right track to choose. like
            > > which one is efficient in perspective of hardware utilization /
            > > resources utilization , complexity and more appropriate approach
            > > towards stable deployment.
            > >
            > > Thanks
            >
            > Neither. If you only want to do virus scanning, use the
            > clamav-milter included with clamav.
            >
            > Mailscanner is "not recommended" for use with postfix. clamsmtp is
            > more complicated than using the bundled clamav-milter.
            >
            > clamav-milter integrates easily with postfix, is reliable, and has
            > fewer third-party dependencies compared to the other choices.

            What third party dependency does clamsmtp require that isn't also required by
            clamav-milter?

            Scott K
          • Noel Jones
            ... Other than the obvious? -- Noel Jones
            Message 5 of 11 , Jan 31, 2013
              On 1/31/2013 8:26 AM, Scott Kitterman wrote:
              > On Thursday, January 31, 2013 06:33:45 AM Noel Jones wrote:
              >> On 1/31/2013 5:59 AM, Muhammad Yousuf Khan wrote:
              >>> i wanted to have an experienced suggestion from Pros. i have been
              >>> going through from different steps deploying clamav and spamassassin,
              >>> one is "mailscanner" and seccond one is "clamd with clamsmtp"
              >>> in your expert opinion which one is the right track to choose. like
              >>> which one is efficient in perspective of hardware utilization /
              >>> resources utilization , complexity and more appropriate approach
              >>> towards stable deployment.
              >>>
              >>> Thanks
              >>
              >> Neither. If you only want to do virus scanning, use the
              >> clamav-milter included with clamav.
              >>
              >> Mailscanner is "not recommended" for use with postfix. clamsmtp is
              >> more complicated than using the bundled clamav-milter.
              >>
              >> clamav-milter integrates easily with postfix, is reliable, and has
              >> fewer third-party dependencies compared to the other choices.
              >
              > What third party dependency does clamsmtp require that isn't also required by
              > clamav-milter?
              >
              > Scott K
              >


              Other than the obvious?




              -- Noel Jones
            • Thomas Leuxner
              ... That is a tad bit vague. When I looked at the milter some (long) time ago, it was far less intuitive than a dedicated SMTP interface. It also gave very
              Message 6 of 11 , Jan 31, 2013
                * Noel Jones <njones@...> 2013.01.31 18:23:

                > Other than the obvious?

                That is a tad bit vague. When I looked at the milter some (long) time ago, it was far less intuitive than a dedicated SMTP interface. It also gave very little to no messages indicating it actually processed mail. I went with clamsmtp at that time which never failed me and ran without any hiccups happily ever after. It even provides the ability to trigger event driven actions - whether you need that feature or not. I'm lacking background on milter interfaces vs. SMTP servers, but my gut feeling is that the latter is far more scalable.

                Regards
                Thomas
              • Noel Jones
                ... Hash: SHA1 ... Mostly I was referring to mailscanner as having more third-party dependencies, but clamsmtp has the obvious dependency of itself, whereas
                Message 7 of 11 , Jan 31, 2013
                  -----BEGIN PGP SIGNED MESSAGE-----
                  Hash: SHA1

                  On 1/31/2013 1:40 PM, Thomas Leuxner wrote:
                  > * Noel Jones <njones@...> 2013.01.31 18:23:
                  >
                  >> Other than the obvious?
                  >
                  > That is a tad bit vague. When I looked at the milter some
                  > (long) time ago, it was far less intuitive than a dedicated
                  > SMTP interface. It also gave very little to no messages
                  > indicating it actually processed mail. I went with clamsmtp at
                  > that time which never failed me and ran without any hiccups
                  > happily ever after. It even provides the ability to trigger
                  > event driven actions - whether you need that feature or not.
                  > I'm lacking background on milter interfaces vs. SMTP servers,
                  > but my gut feeling is that the latter is far more scalable.
                  >
                  > Regards Thomas
                  >

                  Mostly I was referring to mailscanner as having more third-party
                  dependencies, but clamsmtp has the obvious dependency of itself,
                  whereas clamav-milter is included with & maintained by the clamav
                  team.

                  The postfix <> milter interface is dirt-simple to set up, and
                  doesn't suffer from the double-hop performance penalty of a proxy.
                  That said, I expect real-world performance to be close enough
                  that it's not a deciding factor.

                  With milter, you also get the (questionable, but important to some
                  folks) ability to specify a default action when the back end breaks.
                  http://www.postfix.org/postconf.5.html#milter_default_action

                  You're right that clamav-milter doesn't spam your logs with
                  unnecessary "Still working! Clean mail!" messages; that's probably
                  a good thing. You can always turn on debugging during
                  install/testing to see if it's really working.

                  The clamav-milter is also not particularly flexible. Its "virus"
                  actions are limited to "reject" or "quarantine" (hold), globally
                  configured.
                  When I need something more flexible, I prefer amavisd-new, which
                  is high-performance, high-reliability, very flexible, and can be
                  used as a proxy or milter.

                  I think that's enough on this subject.


                  -- Noel Jones
                  -----BEGIN PGP SIGNATURE-----
                  Version: GnuPG v2.0.17 (MingW32)
                  Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

                  iQEcBAEBAgAGBQJRCtPbAAoJEJGRUHb5Oh6guFYH/RPohx0DYo72o3LuucngVSiD
                  ijTtlz73t6nKF9J8AF/r8Ck3bMzcRJgTtAuAbCbTTuDUb9K7oTpztlUs1qfhZ8iB
                  JD2ucZZmRXHOGsKbTXO8qyXOqfHQJQOKpn56WJ0DpFb8QfbztOfPXJyOeGrVC4/g
                  KfBKK6szz0RiKJ2oK1rzKbFvruywOYiw2bRzECaIoGrzj0Fu3w/zZ0WrRPMMFh/X
                  yp2bclAUU9IqslZPJ1WxbkPWbQWhbcXdoP34Zb5ZA2m+jX+pZ9JpdxoFhAQIv2Du
                  jsghgUSgqr+1GV/WnQAzIr9LDp4Uw0KkTdWS/ItrRnNk0MjKUAmvrJUoaHSjMkU=
                  =eBXU
                  -----END PGP SIGNATURE-----
                • John Allen
                  ... Why not use Amavis-new as the mail scanner. It will handle the hand off to spamassassin and clamav and the return of scanned mail to postfix and there are
                  Message 8 of 11 , Jan 31, 2013

                    On 31/01/2013 6:59 AM, Muhammad Yousuf Khan wrote:
                    i wanted to have an experienced suggestion from Pros. i have been
                    going through from different steps deploying clamav and spamassassin,
                    one is "mailscanner" and seccond one is "clamd with clamsmtp"
                    in your expert opinion which one is the right track to choose. like
                    which one is efficient in perspective of hardware utilization /
                    resources utilization , complexity and more appropriate approach
                    towards stable deployment.
                    
                    Thanks
                    
                    Why not use Amavis-new as the mail scanner. It will handle the hand off to spamassassin and clamav and the return of scanned mail to postfix and there are several very good "How to"s on setting it up.

                    Today's mighty Oak is yesterday's nut that held it's ground. - Margaret Bailey

                    Sent using Mozilla Thunderbird



                  • Muhammad Yousuf Khan
                    Thanks all for all your support :) its been very helpful
                    Message 9 of 11 , Jan 31, 2013
                      Thanks all for all your support :) its been very helpful

                      On Fri, Feb 1, 2013 at 1:29 AM, John Allen <john@...> wrote:
                      >
                      > On 31/01/2013 6:59 AM, Muhammad Yousuf Khan wrote:
                      >
                      > i wanted to have an experienced suggestion from Pros. i have been
                      > going through from different steps deploying clamav and spamassassin,
                      > one is "mailscanner" and seccond one is "clamd with clamsmtp"
                      > in your expert opinion which one is the right track to choose. like
                      > which one is efficient in perspective of hardware utilization /
                      > resources utilization , complexity and more appropriate approach
                      > towards stable deployment.
                      >
                      > Thanks
                      >
                      > Why not use Amavis-new as the mail scanner. It will handle the hand off to
                      > spamassassin and clamav and the return of scanned mail to postfix and there
                      > are several very good "How to"s on setting it up.
                      >
                      > Today's mighty Oak is yesterday's nut that held it's ground. - Margaret
                      > Bailey
                      >
                      > Sent using Mozilla Thunderbird
                      >
                      >
                      >
                    • Scott Kitterman
                      ... Personally, I use clamsmtp for virus scanning only and amavisd-new if the requirement is for both virus and spam scanning. They all have their advantages.
                      Message 10 of 11 , Jan 31, 2013
                        On Thursday, January 31, 2013 03:29:31 PM John Allen wrote:
                        > On 31/01/2013 6:59 AM, Muhammad Yousuf Khan wrote:
                        > > i wanted to have an experienced suggestion from Pros. i have been
                        > > going through from different steps deploying clamav and spamassassin,
                        > > one is "mailscanner" and seccond one is "clamd with clamsmtp"
                        > > in your expert opinion which one is the right track to choose. like
                        > > which one is efficient in perspective of hardware utilization /
                        > > resources utilization , complexity and more appropriate approach
                        > > towards stable deployment.
                        > >
                        > > Thanks
                        >
                        > Why not use Amavis-new as the mail scanner. It will handle the hand off
                        > to spamassassin and clamav and the return of scanned mail to postfix and
                        > there are several very good "How to"s on setting it up.

                        Personally, I use clamsmtp for virus scanning only and amavisd-new if the
                        requirement is for both virus and spam scanning. They all have their
                        advantages.

                        It also depends a bit on what O/S distribution you're using. In
                        Debian/Ubuntu, none of the people who maintain clamav use the milter so it
                        gets very light testing at the distribution level.

                        Scott K
                      Your message has been successfully submitted and would be delivered to recipients shortly.