[Mimedefang] Unsafe use of virus scanner in example filters
Martin Bene
martin.bene at icomedias.com
Sat Oct 26 07:55:01 EDT 2002
Hi david,
I think I've asked about this before, but since the code is still unchanged
in the example filter I'll take up this topic one again: while the
infrastructure for using virus scanners provided by mimedefang.pl is quite
nice, the use the default filters make of this infrastructure is less than
optimal:
# Scan for viruses if any virus-scanners are installed
my($code, $category, $action) = message_contains_virus();
$FoundVirus = ($category eq "virus");
Problems I have with this bit of code:
* doesn't check the recomended action (esp "tempfail" in case the virus
scanner failed / reported an internal error)
* doesn't do anythin with category "suspicious" (corrupted objects etc).
# Scan for viruses if any virus-scanners are installed
my($code, $category, $action) = message_contains_virus();
return action_tempfail("Error in Virus scanner - please try again later")
if ($action eq "tempfail");
Depending on your degree of paranoia,
$FoundVirus = ($action eq "quarantine");
should be a better definition of what to treat as a virus.
Bye, Martin
More information about the MIMEDefang
mailing list