Message-ID: <461D6C54.4090605@rudd.cc>
Date: Wed, 11 Apr 2007 16:16:36 -0700
From: John Rudd <john@rudd.cc>
User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
MIME-Version: 1.0
To: ClamAV users ML <clamav-users@lists.clamav.net>
References: <461CD008.6040308@gmx.de>	<461CD311.1090901@gmx.net>	<461CF5D1.6060400@inetnw.com>	<461CF9E2.20606@rudd.cc>
	<461CFE32.3000404@inetnw.com>
In-Reply-To: <461CFE32.3000404@inetnw.com>
Subject: Re: [Clamav-users] error stops clamd

Dennis Peterson wrote:
> John Rudd wrote:
>> Dennis Peterson wrote:
>>
>>> You need to have better monitoring and notification, and a mail system 
>>> that delivers mail even if there is a fatal error in the AV tool. This 
>>> is hardly a ClamAV problem.
>> Depends on what your goals are.
>>
>> For me, a reliable email system does not just mean "mail gets 
>> delivered".  It also means that "we reliably reject detectable viruses". 
>>   If we're letting viruses through because our pants are down (because 
>> our AV tool has failed), then that's not a reliable email system. 
>> That's a dysfunctional email system.
>>
>> better monitoring and notification: yes, good.
>>
>> letting potentially virus laden email through because your AV tool is 
>> down: very bad.
> 
> Send it to your next AV tool. You don't rely on a single tool for this, 
> do you?

A single virus detecting program? No.
A single decision point about "deliver vs reject vs tempfail"?  Yes.

(and, "AV tool" to me means all of these programs collectively (Sophos, 
ClamAV, and/or McAfee as the detection programs, and MailScanner or 
MIMEDefang or some other milter as the decision maker))

If, at the point of making the decision of "should I deliver?" I have 
not gotten a definitive answer to "is this message clean?" then it would 
be very bad to go with "deliver".  There is no "next" tool to pass the 
decision on to, because at that point all of the available detection 
programs have answered.

So, when you say "You need to have a mail system that delivers even if 
there is a fatal error in the AV tool", I say: no.  A fatal error means 
that the collective tool hasn't been able to determine whether or not 
the message contains a known infection (no matter how many detection 
programs I'm running).  Therefore, we tempfail it.  I do not see any 
other available and acceptable outcome.
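
The single decision point described in this message, as an added example (not code from the thread, nor from ClamAV, MailScanner or MIMEDefang): clamd reply lines are mapped to a verdict, and a missing or unusable answer leads to a tempfail instead of a delivery. The function names, the SMTP codes chosen, and the rule that one failed scanner is enough to tempfail are assumptions of this example.

```python
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    ERROR = "error"  # scanner down, timed out, or answer unusable


def parse_clamd_reply(reply):
    """Map one clamd reply line to a Verdict.

    None stands for "no reply at all" (daemon dead, socket timeout).
    Anything that is not a clear OK or FOUND is treated as ERROR.
    """
    if reply is None:
        return Verdict.ERROR
    line = reply.strip("\x00\r\n \t")
    if line.endswith(" FOUND"):
        return Verdict.INFECTED
    if line.endswith(": OK"):
        return Verdict.CLEAN
    return Verdict.ERROR


def decide(verdicts):
    """Return (action, smtp_code) for deliver vs reject vs tempfail."""
    verdicts = list(verdicts)
    # One definitive detection is enough to reject.
    if any(v is Verdict.INFECTED for v in verdicts):
        return ("reject", 550)
    # No detection, but no definitive "clean" either: fail closed.
    # Assumption: a single failed scanner (or no scanner) triggers this.
    if not verdicts or any(v is Verdict.ERROR for v in verdicts):
        return ("tempfail", 451)
    return ("deliver", 250)


# Constructed sample: clamd has died (no reply), while a hypothetical
# second scanner still reports the message as clean.
SAMPLE = [parse_clamd_reply(None), Verdict.CLEAN]

if __name__ == "__main__":
    print(decide(SAMPLE))
```
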




