[Mimedefang] Virus scanning messages vs. attachments
Philip Prindeville
philipp_subx at redfish-solutions.com
Thu Nov 17 16:24:50 EST 2011
I was looking at how the example mimedefang-filter handles virii:
# Copy original message into work directory as an "mbox" file for
# virus-scanning
md_copy_orig_msg_to_work_dir_as_mbox_file();
# Scan for viruses if any virus-scanners are installed
my($code, $category, $action) = message_contains_virus();
# Lower level of paranoia - only looks for actual viruses
$FoundVirus = ($category eq "virus");
# Higher level of paranoia - takes care of "suspicious" objects
# $FoundVirus = ($action eq "quarantine");
if ($FoundVirus) {
md_graphdefang_log('virus', $VirusName, $RelayAddr);
md_syslog('warning', "Discarding because of virus $VirusName");
return action_discard();
}
in filter_begin(), and was thinking about an alternative approach using filter():
my($code, $category, $action) = entity_contains_virus($entity);
# replace the virus attachment with a warning
if ($category eq "virus") {
md_syslog('warning', "Eliding because of virus $VirusName");
return action_replace_with_warning("[ Deleted; found virus: $VirusName ]");
}
instead. Anyone see a problem (performance, etc) with that?
Can I drop the "md_copy_orig_msg_to_work_dir_as_mbox_file()" also?
BTW: Anyone else seeing 3-hour delays between sending a message and getting back the list copy?
Thanks,
-Philip
More information about the MIMEDefang
mailing list