Milter and ClamAV

Wed Jun 30 18:21:53 PDT 2004

On Wed, 30 Jun 2004, Eric Crist wrote:

> I've just installed ClamAV with Milter support.  I was wondering how I
> would go about adding a signature at the bottom of outgoing mail to
> indicate that it has been scanned?

I wouldn't bother, for two reasons:

1.  Clamav-milter adds a couple of X- headers to the message, saying it
     was scanned.  This is what was in your message:

     X-Virus-Scanned: clamd / ClamAV version 0.72, clamav-milter version 0.72
     	on grog.secure-computing.net
     X-Virus-Status: Clean

2.  I'm not aware of any general way to add a note to the bottom of any
     message, unless you ban all multipart messages and/or attachments from
     passing through your system.  Your users/customers might complain
     about that ;)

Personally, I think the idea of such a signature is just a "feel-good" 
thing and doesn't actually add anything other than a false sense of 
security.  Depending on how often you update your virus DB files, and 
which virus it is, a message containing a virus may get through the 
scanning without detection.  For example, I've got a copy of 
W32.Spybot.Worm sitting on my disk that clamav doesn't pick up, even 
though I submitted it to them when I first received a copy of it, several 
weeks ago.  Norton/Symantec, Trend, and F-Prot all detect the virus and 
try to delete/quarantine the file.

If you really want to go ahead and do this, read the clamav-milter manpage 
and look for --signature-file.  Personally, I see no value in it.

Regards

Richard

-- 
Richard Stevenson