[Mimedefang] Cleaning up antivirus integration

Anne Bennett anne at encs.concordia.ca
Wed May 2 16:35:50 EDT 2007


"Dave O'Neill" <dmo at roaringpenguin.com> asks:

> 1) what AV engines do you actually use with MD?

Sophie.

> 2) what sort of API would you like to see for the restructured code?

At the moment, I just explicitly call 

  my ( $code, $category, $action ) = message_contains_virus_sophie();

in filter_begin, and discard if we find a virus.  I'd hope that a
relatively simple calling interface for a single scanner would continue
to be available, though I approve of your effort to make it easier to
run multiple scanners.

>    Email::VirusScan->scan() or ->scan_path() would iterate over all the
>    configured backend engines and invoke the equivalent method.  The
>    results of all scans would be returned as a container object that can
>    be queried for overall status (->is_virus, etc), or for the
>    information about individual scan results ( so that you can see which
>    scanner got a hit, the name of the infected file, etc).

There could be an efficiency issue there; virus scanning is expensive,
so for me, the first hit (positive result) should end it.  I would
definitely want an option to stop when a virus is found.

Also, at the moment, if my one and only virus scanner is offline, I
TMPFAIL the message.  If I had multiple scanners, I'd need to be able
to say what to do if any of them were offline.  Are some required
(TMPFAIL if it can't run)?  Are some optional (don't worry about it if
we can't run it)?  Is my criterion that the message must pass at least
some number of scanners?


Anne.
-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
anne at encs.concordia.ca                                    +1 514 848-2424 x2285
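
The policy questions raised in the message above (stop at the first hit, required versus optional scanners, a minimum number of clean results), as an added sketch that is not part of the original post and is not MIMEDefang or Email::VirusScan code. The function `scan_with_policy`, the `required` and `min_pass` settings, the status strings and the second engine name `engine_b` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy layer; not MIMEDefang or Email::VirusScan code.
# Each scanner entry: name, required flag, and a coderef that returns
# 'clean', 'virus' or 'offline' (constructed status values).
sub scan_with_policy {
    my ($scanners, %opt) = @_;
    my $min_pass = $opt{min_pass} // 1;   # scanners that must report clean
    my $passed   = 0;
    my @required_offline;

    for my $s (@$scanners) {
        my $status = $s->{scan}->();
        # First positive result ends the run; later engines are never invoked.
        return { verdict => 'virus', by => $s->{name} } if $status eq 'virus';
        if ($status eq 'clean') {
            $passed++;
        }
        elsif ($s->{required}) {
            push @required_offline, $s->{name};   # mandatory engine gave no verdict
        }
        # An optional scanner that gave no verdict is skipped without penalty.
    }

    # Fail closed: defer the message rather than accept it unscanned.
    return { verdict => 'tempfail', why => "required offline: @required_offline" }
        if @required_offline;
    return { verdict => 'tempfail', why => "only $passed of $min_pass clean results" }
        if $passed < $min_pass;
    return { verdict => 'clean', passed => $passed };
}

# Constructed scenarios: stub scanners stand in for real engines.
my $calls = 0;
my $mk = sub { my ($n, $req, $st) = @_;
    return { name => $n, required => $req, scan => sub { $calls++; $st } } };

my @cases = (
    [ 'hit on first engine',  [ $mk->('sophie', 1, 'virus'),   $mk->('engine_b', 0, 'clean')   ] ],
    [ 'required one offline', [ $mk->('sophie', 1, 'offline'), $mk->('engine_b', 0, 'clean')   ] ],
    [ 'optional one offline', [ $mk->('sophie', 1, 'clean'),   $mk->('engine_b', 0, 'offline') ] ],
);
for my $c (@cases) {
    $calls = 0;
    my $r = scan_with_policy($c->[1], min_pass => 1);
    printf "%-22s -> %-8s (engines run: %d)\n", $c->[0], $r->{verdict}, $calls;
}
```

A virus verdict takes precedence over an earlier offline scanner, so a message is still rejected when a later engine finds something; the tempfail decision is only made once every engine has been tried without a hit.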


