[Mimedefang] newbie: virus-scanning
Karel.DeBruyne at ua.ac.be
Karel.DeBruyne at ua.ac.be
Thu Jun 27 04:10:09 EDT 2002
On Wed, 26 Jun 2002, Ken March wrote:
> On Wed, 26 Jun 2002, Steffen Kaiser wrote:
>
> > 1) Why does some examples use $VirusFound = message_contains_virus() and
> > then scan each entity again if $VirusFound? So why not do either? Or when
> > message_**() finds a virus, why not act right away?
>
> From what I understand, it really depends on what you want to do. If you
> want to just quarantine infected attachments, then you'll want to scan
> using entity_contains_virus(). If you want to quarantine the entire
> message regardless if it was only one attachment infected or not, then
> use message_contains_virus().
>
> Personally I just use message_contains_virus() and do an action_bounce()
> if one is found.
I am scanning my entire message first, and if this message is infected, I
scan each entity to give some precise information about the virus type and
which attachement is infected in the "bouncing message"
This is a service from me for the poor guy who might not have a clue about
this infection. I give this information to the recipients too, because
they might recognize the modified sender's address.
(the sender jphn.doe at xyz.com might be their friend john.doe at xyz.com)
Karel
=======================================================================
Karel De Bruyne
System/Network Manager phone + 32 3 820 22 04
UIA - Network Service fax + 32 71 83 43 00
Universiteitsplein 1 - B0.12 email dbruyne at uia.ua.ac.be
B 2610 Wilrijk - Belgium http://www.uia.ua.ac.be/u/dbruyne
=======================================================================
More information about the MIMEDefang
mailing list