[Mimedefang] Virus scanning messages vs. attachments
David F. Skoll
dfs at roaringpenguin.com
Fri Nov 18 07:49:22 EST 2011
On Thu, 17 Nov 2011 14:24:50 -0700
Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
[...]
> in filter_begin(), and was thinking about an alternative approach
> using filter():
> instead. Anyone see a problem (performance, etc) with that?
It'll possibly be slower because you're invoking the scanner multiple
times instead of once. This won't matter much for daemonized scanners, but
will hurt a lot for command-line scanners.
> Can I drop the "md_copy_orig_msg_to_work_dir_as_mbox_file()" also?
The theory behind that copy is that virus authors might use malformed MIME
messages to evade virus scanning. So we pass botht he unpacked parts
as seen by MIME::Tools and the original message in case the virus scanner's
MIME parser works differently and sees a virus that might evade MIME::tools
or vice-versa.
It's probably overkill, but copying a file on a ramdisk is pretty cheap so
I'd leave it in.
> BTW: Anyone else seeing 3-hour delays between sending a message and
> getting back the list copy?
Nope. I see delays of a few minutes.
Regards,
David.
More information about the MIMEDefang
mailing list