[Mimedefang] newbie: virus-scanning

David F. Skoll dfs at roaringpenguin.com
Wed Jun 26 13:01:53 EDT 2002

On Wed, 26 Jun 2002, Steffen Kaiser wrote:

> 1) Why does some examples use $VirusFound = message_contains_virus() and
> then scan each entity again if $VirusFound? So why not do either? Or when
> message_**() finds a virus, why not act right away?

It's often much quicker to scan the entire message first, and then avoid
scanning each part if no virus was found.  This only matters if you
want to look at each part individually.

> 2) Some Mailclients automatically opens certain compressions, such as .gz
> or .bz2, or encodings, such as uuencode, and present the contents as
> attachement. Is this performed by MIMEDefang, too implicitly?

No; opening compressed files (or in general, trying to be too clever) can
lead to DoS attacks if you are not very careful.  If you want this
functionality, you have to code it yourself.



More information about the MIMEDefang mailing list