Re: [Fwd: [exim] deferring when clamd/spamd is down]

Author: Alan J. Flavell
Date:  
To: Exim-users
Subject: Re: [Fwd: [exim] deferring when clamd/spamd is down]
On Mon, 28 Feb 2005, Ian Eiloart wrote:

> --On February 23, 2005 18:21:05 +0100 exim-users@??? wrote:
>
> > Why do you use defer_ok? Doing so, you tell exim to accept the
> > mail even though it wasn't scanned!
>
> Because clamav can be killed by certain incoming email - at least
> that has been the case, I'm not sure that it still is. If that
> happens, I don't want to lose *all* my incoming mail.


There's no reason you should *lose* any genuine incoming mail, if
you defer the sender. It'll just get delayed.

Some spammers (pump-and-dump style) don't try again after a defer -
but I can live with that possibility...

> clamav's instability (if it still exists) makes it vulnerable to a
> denial of service attack. I don't want my SMTP service to be vulnerable
> to that same attack - which would be the effect if I didn't use
> defer_ok.


For what it's worth, we've been using clamav for a while now, and we
don't experience "instability"[1]. But even if we did, I don't want
to be accepting known viruses while clamd is upset.

> Another possibility is that I misconfigure clamav, and it simply
> won't start. Again, I don't want to lose my mail service.


So watch the logs for unexplained defers.

hope that helps

[1] According to the log, ours has been running since Friday:
Fri Feb 25 12:18:20 2005 -> +++ Started at Fri Feb 25 12:18:20 2005
Fri Feb 25 12:18:20 2005 -> clamd daemon 0.83 (OS: linux-gnu, ARCH:
x86_64, CPU: x86_64)

- having previously been restarted on Feb 3.
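
Added example, not part of the original message: one way to act on the "watch the logs for unexplained defers" advice when running without defer_ok, by flagging hours in which several distinct hosts were deferred after DATA. The log lines are constructed in the style of an Exim main log, and the "temporarily rejected after DATA" wording, the function names and the threshold are assumptions to adjust to your own logs.

```python
import re
from collections import defaultdict

# Constructed sample lines (not taken from the thread or from a real server).
SAMPLE_LOG = """\
2005-02-28 09:58:11 1D5kAA-0001aB-00 <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2311
2005-02-28 10:02:40 1D5kAB-0001aC-00 H=mx.example.net [192.0.2.20] F=<bob@example.net> temporarily rejected after DATA
2005-02-28 10:02:55 1D5kAC-0001aD-00 H=mx.example.com [192.0.2.30] F=<carol@example.com> temporarily rejected after DATA
2005-02-28 10:03:09 1D5kAD-0001aE-00 H=mx.example.org [192.0.2.10] F=<alice@example.org> temporarily rejected after DATA
2005-02-28 11:15:00 1D5kAE-0001aF-00 H=mx.example.net [192.0.2.20] F=<bob@example.net> temporarily rejected after DATA
"""

# Assumed line shape: "YYYY-MM-DD HH:MM:SS ... [ip] ... temporarily rejected after DATA"
DEFER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} .*?\[([0-9A-Fa-f.:]+)\]"
    r".* temporarily rejected after DATA"
)

def deferred_hosts_per_hour(log_text):
    """Map 'YYYY-MM-DD HH' -> set of client IPs deferred after DATA in that hour."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = DEFER.match(line)
        if m:
            hosts[m.group(1)].add(m.group(2))
    return dict(hosts)

def suspicious_hours(log_text, min_hosts=3):
    """Hours where at least min_hosts distinct clients were deferred.

    A single host retrying is normal; many unrelated hosts deferred in the
    same hour suggests the scanner (clamd/spamd) is down or misconfigured.
    """
    per_hour = deferred_hosts_per_hour(log_text)
    return sorted(h for h, ips in per_hour.items() if len(ips) >= min_hosts)

if __name__ == "__main__":
    for hour in suspicious_hours(SAMPLE_LOG):
        print(f"{hour}:00 many post-DATA defers, check that the scanner is running")
```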