[Mimedefang] Virus/MIME Issue
Chris Masters
rotis23 at yahoo.com
Mon Apr 18 14:00:06 EDT 2005
--- "David F. Skoll" <dfs at roaringpenguin.com> wrote:
> Chris Masters wrote:
>
> > So is it true to say that virus scanning on a per
> > entity basis does not maximise virus detection
> > safety?
> > Should we always use MIME::Tools (via filter)
> > *and* the virus scanner's own MIME decoding
> > functionality (via filter_begin for example) for
> > each mail?
>
> No. The safest way is illustrated in the example
> filter. Do your scanning in filter_end, but call
> md_copy_orig_msg_to_work_dir_as_mbox_file()
> before invoking the virus scanner.

For me, the problem with doing virus scanning in
filter_begin (or filter_end) is that I need to have
the ability to replace/remove the infected part/entity
[if required].

The problem with doing scanning in filter *only* is
that the virus scanners never get the chance to scan
the original raw mail. This is where some troublesome
MIME encoded viruses can slip through - such as our
experience with virus-bounces?

I guess the solution here is to do both. Although I
thought I read somewhere (can't find it now) that
either the message_contains or entity_contains
functions were to be deprecated.
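
One way to combine the two scans discussed in this thread, as an added example (not code from the post or from the MIMEDefang distribution): a mimedefang-filter fragment that scans the raw message once and still replaces infected parts individually. It runs only inside MIMEDefang with a virus scanner already configured; the flag names `$RawScanHit` and `$EntityHit` and the discard policy in filter_end are assumptions.

```perl
# Fragment of a mimedefang-filter (added example; runs only inside MIMEDefang).
use vars qw($RawScanHit $EntityHit);   # hypothetical per-message flags

sub filter_begin {
    my ($entity) = @_;
    ($RawScanHit, $EntityHit) = (0, 0);   # reset for every message

    # Put the original, undecoded message into the work directory so the
    # scanner sees it alongside the parts MIME::Tools extracted.
    md_copy_orig_msg_to_work_dir_as_mbox_file();

    my ($code, $category, $action) = message_contains_virus();
    if ($action eq 'tempfail') {
        # Scanner did not run: defer the mail rather than pass it unscanned.
        return action_tempfail("Problem running virus scanner");
    }
    $RawScanHit = 1 if $category eq 'virus';
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return if message_rejected();         # filter_begin already tempfailed

    # Per-entity scan: this is what allows replacing just the infected part.
    my ($code, $category, $action) = entity_contains_virus($entity);
    if ($category eq 'virus') {
        $EntityHit = 1;
        md_syslog('warning', "Replacing infected part: $VirusName");
        return action_replace_with_warning(
            "An attachment was removed because it contained the virus $VirusName.\n");
    }
    return action_accept();
}

sub filter_end {
    my ($entity) = @_;
    return if message_rejected();

    # The raw-message scan matched but no decoded part did: the scanner only
    # recognises the infection in the original encoding, so there is no
    # single part to replace. Assumed policy: drop the whole message.
    if ($RawScanHit && !$EntityHit) {
        md_syslog('warning', "Raw-message scan hit with no infected part; discarding");
        return action_discard();
    }
}
```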