[Mimedefang] Check extensions beforer virus scan
Bryan Stansell
bryan at stansell.org
Tue Jan 27 16:20:19 EST 2004
i noticed that just yesterday when trolling through mimedefang-filter.
is there a reason for doing this? that is, having the anti-virus pull
apart the entire message and then only feed in each part looking for the
infected portion if it found one in filter_begin()?
seems like the suggestion below would help make things a bit lighter and
a good default...and then you don't rely on the anti-virus program
having the ability to pull apart messages, decode them, etc.
just curious about the logic behind the default behavior.
Bryan
On Tue, Jan 27, 2004 at 03:07:55PM -0600, Jim McCullars wrote:
>
> In the sample filter, there are two calls to a virus scanner - one in
> filter_begin() which calls the "message_contains_virus" function, and
> another in filter(), which calls the "entity_contains_virus" function. If
> you want, you could comment out the call in filter_begin(), and then in
> filter(), just move the call to check for a virus to below the part that
> checks for a bad extension.
>
> HTH...
>
> Jim McCullars
More information about the MIMEDefang
mailing list