Re: Re: [LIH] amavis on qmail

[Nikhil Datta <nikhild@xxxxxxx>]

> Amavis is a set of perl scripts designed to interface antivirus programs like
> Kaspersky AVP and NAI UVScan with a mailserver.  Amavis is free - the
> antivirus programs are not free though.
> 
> I use it here with exim - works great.

The problem with amavis (which I have been using for yars with sendmail), is
that it is procmail based. Which means that if you have a single email
destined for 50 users on a single server, the mail (with all the clutziness
associated with the way amavis takes the mail, changes the headers, scans
it, redirects back etc. etc.) is scanned 50 times.

Also, with amavis, you can't smtp-bounce a message if it is infected (yes,
you can generate a new mail to the sender, but you can't bounce it).
Similarly, you can't just strip an infected attachment and send the file on
to the recepient with a warning attached.

Finally : amavis does'nt scan outgoing mail (for which you need another,
even dirtier hack, called outmail). Trust me - in the end - it's all a mess.

IIRC, even .forward files don't work anymore with amavis.

I had hacked together a solution using mimedefang + sendmail 8.11 beta with
milter API support + amavis scanning code. The advantage is that all
scanning is does *in process* in sendmail, you can do cool stuff like bounce
messages back etc, selectively strip attachments etc, and it doesn't load
your CPU like amavis can.

I'd pass it on to anyone who wants, with a warning : it is buggy, and for
some reason, every couple of days you have to kill a lot of zombie uvscan
processes which hang around for some reason my coding skills are too
mediocre to solve.

Anyway, I believe this is the *better* approach. You could try to hack your
own.

wr,
nikk