QUOTED_MESSAGE: > Of course, this is assuming he has Procmail installed > (I have the exact same setup, just no procmail). > > > I adjusted the advosys script to call CLAMSCAN and scan > the whole email. this leaves a blank email if positive, if > the email is blank, i drop it. If it's not, it gets passed > through anomy for further filtering. (it's not that i > don't trust clamav, i don't trust any antivirus system > 100%). And believe it or not, it's FAST. > > it's simple, clean (one script with options for piping > to a directory for further review if need be) and easily is > handling an avg of 25k to 45k emails a day for 3k users on > a server that also gets over 3 million web hits a month. > and it's just a dual 1GHz with 2 gigs ram and a sucky drive > system. we are in the middle of seperating out the web > services to 4 load balanced web servers, an email server, > and an AV/Spamassassin server. Not due to slowness mind > you, but to bring the OS up to date and we were running out > of drive space. > > I have 11 instances of spamd running at all times, and > four have less than 10 seconds of CPU time in the last > month: > >   8:59pm up 33 days, 4:43, 2 users, load > average: 0.37, 0.45, 0.82 143 processes: 141 sleeping, 1 > running, 1 zombie, 0 stopped CPU0 states: 2.0% user, 4.0% > system, 0.0% nice, 93.0% idle CPU1 states: 0.0% user, > 0.0% system, 0.0% nice, 100.0% idle Mem: 2064828K av, > 1806196K used, 258632K free, 0K shrd, 204368K buff > Swap: 2040212K av, 77424K used, 1962788K free > 1134668K cached > >   PID USER PRI NI SIZE RSS SHARE STAT > %CPU %MEM TIME COMMAND >  1137 filter 9 0 22800 1372 448 S > 0.0 0.0 0:07 spamd 25285 filter 9 0 30660 > 25M 1712 S 0.0 1.2 1:39 > spamd >  8759 filter 9 0 31424 25M 1772 S > 0.0 1.2 0:49 spamd 12278 filter 9 0 30228 > 24M 1784 S 0.0 1.2 0:34 spamd 16183 filter > 9 0 32492 26M 1784 S 0.0 1.3 0:29 spamd > 20004 filter 9 0 34624 29M 1784 S 0.0 > 1.4 0:22 spamd 20158 filter 9 0 28972 23M 1792 > S 0.0 1.1 0:15 spamd 21057 filter 9 0 > 30052 24M 1792 S 0.0 1.2 0:14 spamd 22470 > filter 9 0 27036 21M 1776 S 0.0 1.0 > 0:07 spamd 22570 filter 9 0 27976 22M 1760 S > 0.0 1.1 0:06 spamd 23002 filter 9 0 27364 > 21M 1764 S 0.0 1.0 0:05 > spamd > > with an uptime of 33 days > > It should be simple to setup here's a snippet of my > filter.sh: > > # Exit codes from <sysexits.h> > EX_TEMPFAIL=75 > EX_UNAVAILABLE=69 > > cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; > exit $EX_TEMPFAIL; } > > # Clean up when done or when aborting. trap "rm -f > out.$$" 0 1 2 3 15 > > # Pipe message through SA to a temp file: cat | $SPAMC > -f -d localhost -p 783 -u filter > out.$$ > > # Are there more than $SPAMLIMIT stars in X-Spam-Level > header? : if $EGREP -q "^X-Spam-Level: > \*{$SPAMLIMIT,}" < out.$$ then >         # > Option 1: Move high scoring messages to sideline dir so a > human can look at them later: >         # mv > out.$$ $SIDELINE_DIR >         # > Option 2: Divert to an alternate e-mail address: >         # > (Comment out the above, then uncomment next line to use this > option) >         # > $SENDMAIL 137176@xyz.molar.is < out.$$ >         # > Option 3: Delete the message >           rm > -f out.$$ else > #run through clamav and dump to a directory for further > review? >         #$CLAMSCAN > -v --mbox --unzip=/usr/bin/unzip --move=/tmp/quarentine -l > /var/log/avmail < out.$$ >         #run > through clamav and delete(default) >         $CLAMSCAN > -v --mbox --unzip=/usr/bin/unzip --remove -l /var/log/avmail > > < out.$$ > > > And you can probably set up a better removal tool, in > fact i'm embarrased to show it, as i have the scripting > prowess of a speedbump, any offers for a clean solution to > removing the empty emails in a line or two would be HIGHLY > appreciated. > > Anthony > > On Monday 17 January 2005 05:21 pm, you > wrote: [SNIP]

  EKKI skrifa neitt hér: