[Mimedefang] Using more than one virus scanner is a good idea.

[Steffen Kaiser]

On Wed, 28 Jan 2004, Chris Myers wrote:

> Here are replacements for message_contains_virus and entity_contains_virus
> that use all available virus scanners (and an example of using clamd but not
> clamav when
> both are available).  Instead of using only the first available scanner,
> these new routines try the available scanners in turn, until one of them
> finds a virus or all of the scanners have been tried.

OK, I agree that this code is nice to have in a plug-and-go filter
(though, I'd move the generation of the @scanner array out of the
function).
But I do not test any of the $Features{'Virus:XYZ'}, because
a) I know what virus scanners should be present and
b) when they fail (to be invoked or whatever) it's a bug that has to be
resolved and to be found early and
c) I do not intend to change the list of available scanners regularily.

BTW: There was a thread on this list claiming that the File::Scan module
has very little impact on the scanning process in comparison to the other
virus scanners, that it should be called first to avoid unnecessary calls
to heavier ones -- however, assuming that most mails are free of viruses
that makes no difference, because both scanners run anyway.

>    foreach my $scanner ( @scanners ) {
>       my ($code, $category, $action) = &$scanner();
>       if ( $category eq "virus" || $category eq "suspicious" ) {
>          return ( wantarray ? ($code, $category, $action) : 0 )

^^^  Souldn't you return $code instead of "0", in case you happen to
call the function in scalar context?

Bye,

-- 
Steffen Kaiser