[Mimedefang] Anyone using File::Scan?

[Cormack, Ken]

-----Original Message-----
From: alan premselaar [mailto:alien at 12inch.com] 
Sent: Wednesday, February 16, 2005 9:25 AM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Anyone using File::Scan?

::SNIP::

> I think the change would be good, because up until now, if File::Scan is 
> installed, it's used.  I could see a case where it may be installed but 
> not desired to be used.

Likewise, I have clam installed on my system (in addition to File::Scan),
but use clamd, and not clamscan, with MIMEDefang.  It didn't take much to
disable clamscan in my mimedefang.pl:

#$Features{'Virus:CLAMAV'}   = ('/usr/local/bin/clamscan' ne '/bin/false' ?
'/usr/local/bin/clamscan' : 0);
$Features{'Virus:CLAMAV'}   = ('/bin/false' ne '/bin/false' ? '/bin/false' :
0);

Manually disabling and auto-enabled feature, or re-enabling a disabled
formerly auto-enabled featured makes little difference.

There are two camps of thought.... One feels the potential for
false-positive is greater than the risk of letting a virus slip through.
The other feels the risk of a virus is greater than the risk of a
false-positive.  Taking a stand on either side of that fence would be fodder
for an interesting discussion, I'm sure.

Which is worse... The company president not getting an email because a false
positive flagged one of his incoming emails?  Or opening up hundreds (if not
thousands) of desktop clients to a virus, with the resulting potentials for
loss of productivity and data?  We share an Exchange "Global address List"
with our parent company.  There are a LOT of addresses in there... Just ripe
for grabbing by some virus.  I suppose if the email to the president or the
board of directors, were for an offer to buy the company for $3 billion, he
wouldn't want to miss that.

Ken