[Mimedefang] Virus Scanners

Adam Beatham adam at backboard.org
Wed Jul 10 13:39:00 EDT 2002

At 12:09 PM 7/10/2002 -0400, you wrote:

>Hopefully so, sweep vs. libsavi+sophie should have the same results -
>but arrive at them sooner ;-)  If sweep has the same trouble I guess
>it wouldn't help, but Have you tried sophie 1.40rc1?

I haven't yet.. but I am going to try it!

> > at this time, I don't have the luxury of the multiple boxes :)
>Understood.  The only one virus scanner I've ever run by itself was
>McAfee/NAI's.  Too much mail for it to handle though (and every NAI
>employee I've ever talked to about licensing should be shot).  So, I
>always set up at least two scanners.  Perhaps I'd have the same results
>as you if I only used sophie (are/were you only using sophie?).  Why
>don't you set up something else like File::Scan to scan things after
>Sophie to see if anything gets caught there.  I mean before the Notes
>machine ruins any hope of having useful information like what you'd get
>out of quarantine_entire_message.  If sweep/sophie really did just
>plain miss it, then by all means - send it to the sophos people.
>File::Scan by the way has _very_ little overhead.  The virus signatures
>are in the Perl module itself, so it doesn't have to run/read anything
>external at all.  ...well, just the files that it scans.

So I have a couple of dumb questions.  What would be the best way to 
implement dual scanners within the same filter?

And just how does File::SCan work.. I actually use it on another system, 
just for minimal protection at this point.  but how does one update the 
signatures and what not?


-adam, the guy behind the guy behind the guy

More information about the MIMEDefang mailing list