[Mimedefang] [OT] Virus without attachments

David F. Skoll dfs at roaringpenguin.com
Fri Dec 14 12:43:58 EST 2001


On 14 Dec 2001, Mojahedul Hoque Abul Hasanat wrote:

> The example filter scripts supplied with MD runs scanners on the whole
> email (working directory) first then runs scanners again for each MIME
> part.  It seems a waste of CPU cycles to me.

Not really.

If the initial scan does not find a virus, the scanner is NOT run for
each part.

Let's say you get a message with 100 attachments (hey, it could happen.)
It's much more efficient to invoke the scanner once on the whole thing
(you only incur startup costs once), and then not bother with each part
if the initial scan found nothing.

> To reduce the CPU load, I am running the scanner (uvscan) only on MIME
> parts that have an extension.  Is it enough?

I do not think very much of virus scanners.  See:

	http://www.roaringpenguin.com/mimedefang/anti-virus.html

In my opinion, the whole anti-virus industry is a big scam.  The only
safe approach is to block *any* executable or potentially-executable
content, and to use properly-engineered e-mail clients.  Of course,
if everyone did that, MIMEDefang would be redundant. :-)

> BTW, MD 2.2 is humming smoothly in our PIII 800MHz box with 30K mails
> per day.  Of course the load average sky rockets from time to time,
> that's expected with this meager hardware.  Kudos to David for an
> excellent piece of software.

Thanks, I appreciate it.

Regards,

David.




More information about the MIMEDefang mailing list