[Mimedefang] Cleaning up antivirus integration

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu May 3 03:11:53 EDT 2007


On Wed, 2 May 2007, Dave O'Neill wrote:

> 1) what AV engines do you actually use with MD?  Some of the AV

F-Prot demon, ClamAV demon, going to check out Sophos.

> 2) what sort of API would you like to see for the restructured code?
>   I'm currently thinking of something like:
>
>        # In your filter
>        use vars qw( $VS );
>
>        # In filter_initialize()
>        $VS = Email::VirusScan->new({
>
>            # the engines to use, and their configurations
>            engines => {
>                'ClamAV::Daemon' => {
>                    socket_name => '/var/spool/MIMEDefang/clamd.sock'
>                },
>                'FProtD' => {
>                    host => '127.0.0.1',
>                    port => 10200,
>                },

Each scanner has defaults, I'd suggest to allow no arguments, e.g.:

'FProt::Demon' => 1	# Activate F-Prot demon scanner with defaults
-same as-
'FProt::Demon' => { }

>            },
>
>            # the order to use the engines in
>            order => [ 'FProtD', 'ClamAV::Daemon' ],
>        });
>
>        # And, later, in filter_end()

I prefer filter_begin(). But that doesn't matter.

>        my $result = $VS->scan_path( "$CWD/Work" );
>        if( $result->is_virus ) {
>            my @viruses = $result->get_virus_names();
>            # ...
>        }
>
>   Email::VirusScan would use pluggable backends, such as
>   Email::VirusScan::ClamAV::Daemon that conform to a standard API:
>    ->new( $some_config_hashref ) for creating a scanner object with
>      configuration data
>    ->scan( $email_object ) for scanning a MIME::Entity, Email::Simple,
>      etc, probably via Email::Abstract.  This is mostly equivalent to
>      entity_contains_virus() in the current MD code.
>    ->scan_path( $path_to_file_or_directory ) for scanning a single file
>      or directory.  This is mostly equivalent to
>      message_contains_virus() in the current MD code

Hmm. What I actually miss in the current MIMEDefang code is a way to
customize the arguments used to scan particular files, e.g. I had some
trouble with F-Prot demon flagging some MS Word docs as a virus when the
"scan archives" option was turned on; so now I patch MIMEDefang to pass
this option for Zips only. Which is possible, because Fprot demon cannot
scan recursively.
Unfortunately, the more flexible the API, the more wasted resources, if
you don't use it.

Bye,

-- 
Steffen Kaiser
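
An added sketch, not part of the original message and not MIMEDefang or Email::VirusScan code, of the two suggestions in the reply above: an engine entry of `1` or `{}` falls back to that engine's defaults, and scan options are chosen per file so that archive scanning is switched on for Zip files only. The engine names, socket path, host and port come from the thread; the `scan_archives` option, the helper names `normalize_engines` and `options_for_file`, and the choice to recognise Zips by their magic bytes are assumptions made for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical per-engine defaults; the values are the ones quoted in the thread.
my %DEFAULTS = (
    'ClamAV::Daemon' => { socket_name => '/var/spool/MIMEDefang/clamd.sock' },
    'FProt::Demon'   => { host => '127.0.0.1', port => 10200, scan_archives => 0 },
);

# Accept 1, {} or a partial hashref per engine and return full configurations.
sub normalize_engines {
    my ($engines) = @_;
    my %out;
    for my $name (sort keys %$engines) {
        die "unknown engine: $name\n" unless exists $DEFAULTS{$name};
        my $cfg = $engines->{$name};
        next unless $cfg;                        # 0 or undef: engine disabled
        $cfg = {} unless ref $cfg eq 'HASH';     # a bare 1 means "all defaults"
        my @bad = grep { !exists $DEFAULTS{$name}{$_} } keys %$cfg;
        die "unknown option(s) for $name: @bad\n" if @bad;
        $out{$name} = { %{ $DEFAULTS{$name} }, %$cfg };   # caller overrides defaults
    }
    return \%out;
}

# Per-file override (assumption: a Zip is recognised by its local-file-header
# magic rather than by the sender-supplied file name).
sub options_for_file {
    my ($engine_cfg, $path) = @_;
    my %opts = %$engine_cfg;
    open my $fh, '<:raw', $path or die "cannot open $path: $!\n";
    my $got = read($fh, my $magic, 4);
    close $fh;
    $opts{scan_archives} = (defined $got && $got == 4 && $magic eq "PK\x03\x04") ? 1 : 0;
    return \%opts;
}

# Constructed sample input: two small files written to a temporary directory.
my $engines = normalize_engines({ 'FProt::Demon' => 1, 'ClamAV::Daemon' => {} });
my $dir     = tempdir(CLEANUP => 1);
my %sample  = ('report.doc' => "\xD0\xCF\x11\xE0constructed", 'files.zip' => "PK\x03\x04constructed");
for my $name (sort keys %sample) {
    open my $fh, '>:raw', "$dir/$name" or die "cannot write $name: $!\n";
    print {$fh} $sample{$name};
    close $fh or die "cannot close $name: $!\n";
    my $o = options_for_file($engines->{'FProt::Demon'}, "$dir/$name");
    print "$name: scan_archives=$o->{scan_archives}\n";
}
```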


