[Mimedefang] log which virusscanner found a virus
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Thu Jun 23 13:35:12 EDT 2005
Ken Cormack wrote:
> -----Original Message-----
> From: Christoph Martin [mailto:martin at uni-mainz.de]
>
>> Hi,
>>
>> is there a method to log which of the virus-scanners I have
>> configured for mimedefang has actually found the virus?
>>
>> Christoph
...
>
> THE FOLLOWING SCANNERS FOUND THESE VIRUSES
...
> CLAMD: Worm.Mytob.DI
> CLAMD: Worm.Mytob.DJ
> CLAMD: Worm.Mytob.DK
> CLAMD: Worm.Mytob.F
> CLAMD: Worm.Mytob.Gen-1
> CLAMD: Worm.Mytob.Gen-2
> CLAMD: Worm.Mytob.T-2
> CLAMD: Worm.Mytob.V
> CLAMD: Worm.SomeFool.Gen-1
> CLAMD: Worm.SomeFool.P
> FileScan: W32/Bagle.af
> FileScan: W32/Bagle.ai
> FileScan: W32/Bugbear.b
> FileScan: W32/Netsky
> FileScan: W32/Netsky.c
> FileScan: W32/Netsky.p
> FileScan: W32/Zafi.b
> VEXIRA: Worm/Mytob.EN
> VEXIRA: Worm/Mytob.U
The performance of a given virus-scanner is heavily dependant on the order that message_contains_virus calls each scanner... the first scanner called has a huge advantage.
Possible solutions to more fairly treat each scanner:
* randomize the order that message_contains_virus calls scanners
* call all scanners for all messages - even if the first scanner found a virus, call the others - and log all "find"s for each message_contains_virus call
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
More information about the MIMEDefang
mailing list