[SGVLUG] Adding A/V scanning to e-mail processing

[Emerson, Tom]

> -----Original Message-----
> Behalf Of Jeff Carlson
> 
> Emerson, Tom wrote:
> > Any recommendations on Anti-virus scanners that run under linux to
> > weed out windows-based viruses from e-mail [...]
> 
> All Utopian ideals aside, I second the endorsement of ClamAV.

sounds fair -- now I think I know what *I'll* be doing this weekend :)

> > Also, what techniques do people recommend to add this to the e-mail
> > processing cycle in the first place [using postfix]. [...]
> 
> I don't use postfix, actually preferring sendmail.  I use 
> milter-clamav, which I believe is a part of the ClamAV suite. 

A little more internet reading reveals that the popular choice is called "amavisd-new", which is more of an "smtp proxy" that handles calling the actual scanner programs.  A decent tutorial can be found here:
   http://www.linuxplanet.com/linuxplanet/tutorials/5561/1/
and searching for "amavis spamassassin suse" reveals plenty of other related links

> Finally, I prefer to run SpamAssassin from procmail.  All the 
> SpamAssassin milters I have found seem to just apply one pass of 
> SpamAssassin over an incoming message, meaning only one 
> configuration is consulted, and thus users can't customize SpamAssassin settings. 

This (may) be one benefit of running postfix instead of sendmail -- postfix DOES allow you per-user calls to spamassassin, and by extension, per-user preferences.  It takes a bit of getting it pounded-into-my-head, but essentially incoming e-mail is rerouted to a "filter" [milter] process; this in turn will re-submit the e-mail, but since it comes from a different "source", it doesn't get passed to spamassassin.  when re-routing a message to a filter, postfix allows the use of variables such as "$(user)", "$(sender)", "$(recipient)", and so on.  Upon cleaning/tagging, the "local delivery" path is taken instead of the "route through spamassassin".