[Mimedefang] Virus scanning messages vs. attachments
Kevin A. McGrail
KMcGrail at PCCC.com
Fri Nov 18 11:09:12 EST 2011
On 11/18/2011 7:49 AM, David F. Skoll wrote:
> The theory behind that copy is that virus authors might use malformed
> MIME messages to evade virus scanning. So we pass botht he unpacked
> parts as seen by MIME::Tools and the original message in case the
> virus scanner's MIME parser works differently and sees a virus that
> might evade MIME::tools or vice-versa. It's probably overkill, but
> copying a file on a ramdisk is pretty cheap so I'd leave it in.
The extra checks in MD combined with things like bad file parts, etc.
has really helped stop emerging viruses before traditional scanner
signatures are updated. I would recommend the solution remain as-is.
Regards,
KAM
More information about the MIMEDefang
mailing list