[Mimedefang] When to do Virus checks
John Rudd
john at rudd.cc
Thu Nov 30 07:49:59 EST 2006
I was thinking about moving the virus check from filter_begin to
filter_end (I do them in filter_begin, having inherited that from the
example mimedefang-filter). My reason is: it seems to me that the
attachment checks (in filter and filter_multipart) are going to be
cheaper (in CPU time and elapsed time) than the virus checks, and my
general principle in organizing my AV/AS checks right now is: cheapest
checks first, so that as little as possible gets sent to the more
expensive checks. If the virus check is more expensive than the
attachment checks, then the attachment checks should be done first.
Does anyone have any thoughts about whether or not it seems like a good
or bad idea to move the virus checks to filter_end (before the
SpamAssassin check)?
So, it would look something like this:
filter_sender
reject *.local senders
reject some basic/egregious HELO strings
filter_recipient
reject *.local recipients
validate recipients with final destination
filter_begin
reject messages with suspicious characters
reject relays that look like botnets (which uses @Recipients
so it can exempt messages headed only to postmaster
and/or abuse)
remove the headers that filter and filter_multipart will
add (to keep them from being spoofed)
filter
reject bad attachments by name and/or type
add headers for good attachments
filter_multipart
reject bad attachments by name and/or type
add headers for good attachments
filter_end
reject viruses
remove spam/ham related headers
reject high scoring spam
add headers for ham or regular spam
More information about the MIMEDefang
mailing list