MailScanner has support for many anti-virus programs and integrates with SpamAssassin, which is finally active again (it may not have been inactive, but since SARE went offline it was fairly useless at blocking new spam). This is extremely important because the spam rules must be updated at all times.
It seems there is just not one tool that does everything. So I finally decided on using:
ClamAV (via clamD)
And to add to the web based management capabilities I chose to use Webmin as well.
Postfix was trivial to get working without a SQL backend. It is important to have Postfix working before you add in MailScanner. MailScanner requires the MTA, anti-virus, and SpamAssassin to be pre-installed. The install script that comes with MailScanner is very good at resolving dependencies. Even so, the key to integrating everything is to pay very close attention to permissions. MailScanner runs as the postfix user; this is crucial. ClamAV, however, generally runs as the clam or clamav user. User permissions are the worst issues to overcome. Here is what I ended up doing:
Postfix as postfix user
Dovecot as mail user using Maildir format
Dovecot deliver program running as mail (from within Postfix). To do this, I set my local_transport within Postfix to be 'virtual', which uses the virtual_transport mechanism to store local email. If you use the standard mailbox_command setting of using the Dovecot deliver program, deliver cannot deliver the email without using setuid permissions, which is a poor security choice. In addition, to make this happen, I had to set the Postfix virtual_minimum_uid option to the UID of the mail user and virtual_uid_maps to 'static:8'. In essence, this always delivers email as the mail user. Since I do not have physical local users, this allows Dovecot to manage all email.
SpamAssassin runs via MailScanner, so it runs as the postfix user
ClamD, however, was changed to run as the root user. Eventually, this will need to change back to the clam user, but there are issues with being able to write and read the temporary files owned by postfix. Running as either mail or postfix did not solve this problem.
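The permission layout in the list above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses main.cf and clamd.conf text plus the file mode of the deliver binary and reports the conditions the list calls out. The sample configurations are constructed, the function names are hypothetical, and 100 is Postfix's documented default for virtual_minimum_uid.

```python
import re
import stat

POSTFIX_DEFAULT_MIN_UID = 100  # Postfix default when virtual_minimum_uid is unset

# Constructed samples that mirror the setup described in the list above.
SAMPLE_MAIN_CF = """
# constructed sample, not the author's real main.cf
local_transport = virtual
virtual_minimum_uid = 8
virtual_uid_maps = static:8
"""
SAMPLE_CLAMD_CONF = "User root\n"

def parse_conf(text):
    """Parse 'name = value' (main.cf) or 'Name value' (clamd.conf) lines.
    Indented lines are treated as main.cf continuation lines."""
    conf, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            conf[last] += " " + line.strip()
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if m:
            last = m.group(1)
            conf[last] = m.group(2).strip()
    return conf

def audit(main_cf, clamd_conf, deliver_mode):
    """Return findings; deliver_mode is os.stat(<deliver binary>).st_mode."""
    findings = []
    pf, clam = parse_conf(main_cf), parse_conf(clamd_conf)
    if pf.get("local_transport") != "virtual":
        findings.append("local_transport is not 'virtual'")
    m = re.fullmatch(r"static:(\d+)", pf.get("virtual_uid_maps", ""))
    min_uid = int(pf.get("virtual_minimum_uid", POSTFIX_DEFAULT_MIN_UID))
    if not m:
        findings.append("virtual_uid_maps is not a static:<uid> map")
    elif int(m.group(1)) < min_uid:
        # virtual(8) rejects lookup results below virtual_minimum_uid
        findings.append(f"uid {m.group(1)} is below virtual_minimum_uid {min_uid}")
    if deliver_mode & stat.S_ISUID:
        findings.append("deliver binary is setuid")
    # Assumption: clamd is started by root, so no User directive means root.
    if clam.get("User", "root") == "root":
        findings.append("clamd runs as root")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_MAIN_CF, SAMPLE_CLAMD_CONF, 0o100755))
```

Run against the described setup, the only finding is the clamd user, which matches the item the post itself marks as something to change back.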
There are lots of write-ups on how to get MailScanner + Postfix + Dovecot working together. I used the following resources to install and solve problems.
Virtual Users And Domains With Postfix, MailScanner, Mailwatch & MySQL On CentOS 5.1 -- used to install, configure, and run MailScanner, MailWatch, Postfix, etc. with MySQL. Great tutorial here.
MailScanner Installation Guide - Postfix -- used to aid in configuring MailScanner + Postfix
MailWatch for MailScanner Installation Instructions -- used to aid in configuring MailWatch
MailWatch Tips and Tricks: GeoIP update -- used to manually update the GeoIP DB, as the online update was broken even after using the latest from HEAD.
Ending spam -- used to configure SpamAssassin to increase spam detection. I followed all these rules except the installation of CRM114 (which may still happen). I also set up SpamAssassin to update daily using the mechanism documented here.
Dovecot Sieve plugin -- used to configure per-user movement of spam mail to a Spam folder
Postfix SASL Howto -- used to set up Dovecot authentication for SMTP over SSL