[Mimedefang] newbie: virus-scanning

Karel.DeBruyne at ua.ac.be Karel.DeBruyne at ua.ac.be
Thu Jun 27 04:10:09 EDT 2002

On Wed, 26 Jun 2002, Ken March wrote:

> On Wed, 26 Jun 2002, Steffen Kaiser wrote:
> > 1) Why do some examples use $VirusFound = message_contains_virus() and
> > then scan each entity again if $VirusFound? So why not do either? Or when
> > message_**() finds a virus, why not act right away?
> From what I understand, it really depends on what you want to do.  If you
> want to just quarantine infected attachments, then you'll want to scan
> using entity_contains_virus().  If you want to quarantine the entire
> message regardless if it was only one attachment infected or not, then
> use message_contains_virus().
> Personally I just use message_contains_virus() and do an action_bounce()
> if one is found.

I am scanning my entire message first, and if this message is infected, I
scan each entity to give some precise information about the virus type and
which attachment is infected in the "bouncing message".

This is a service from me for the poor guy who might not have a clue about
this infection. I give this information to the recipients too, because
they might recognize the modified sender's address.
(the sender jphn.doe at xyz.com might be their friend john.doe at xyz.com)

Karel De Bruyne
System/Network Manager                      phone      + 32 3 820 22 04
UIA - Network Service                       fax        + 32 71 83 43 00
Universiteitsplein 1 - B0.12                email  dbruyne at uia.ua.ac.be
B 2610 Wilrijk - Belgium              http://www.uia.ua.ac.be/u/dbruyne
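
The two-pass approach described in the message above, as a mimedefang-filter fragment in Perl; this is an added example, not code from the post or from the MIMEDefang distribution. The variables $FoundVirus and @VirusReport and the reply wording are assumptions, and a virus scanner is assumed to be configured for MIMEDefang.

```perl
# Added example: fragment of a mimedefang-filter (runs inside MIMEDefang,
# which provides the *_contains_virus, message_rejected and action_* calls).
# $FoundVirus and @VirusReport are hypothetical names chosen for this example.
our ($FoundVirus, @VirusReport);

sub filter_begin {
    my ($entity) = @_;
    $FoundVirus  = 0;
    @VirusReport = ();

    # Pass 1: a single scan over the whole message.
    my ($code, $category, $action) = message_contains_virus();
    $FoundVirus = ($category eq 'virus') ? 1 : 0;
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return if message_rejected();
    return unless $FoundVirus;          # clean message: skip the per-part scans

    # Pass 2: only for infected messages, find which part and which virus.
    my ($code, $category, $action) = entity_contains_virus($entity);
    return unless $category eq 'virus';

    # $VirusName is the global MIMEDefang sets when the scanner reports a name.
    my $name = (defined $VirusName && $VirusName ne '') ? $VirusName : 'unknown virus';
    my $part = (defined $fname && $fname ne '') ? $fname : "unnamed $type part";

    # Both strings come from the message or the scanner; keep only safe
    # characters and bound the length before they go into an SMTP reply.
    for ($name, $part) {
        s/[^\w.\- ]/_/g;
        $_ = substr($_, 0, 60);
    }
    push @VirusReport, "$part: $name";
}

sub filter_end {
    my ($entity) = @_;
    return unless $FoundVirus;

    my $detail = @VirusReport
        ? join('; ', @VirusReport)
        : 'infected part not identified';
    action_bounce("Message rejected, virus found ($detail)");
}
```

The per-entity scans cost extra scanner runs, so the fragment performs them only after the whole-message scan has reported a virus.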
