[Mimedefang] Virus scanning messages vs. attachments

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Nov 17 16:24:50 EST 2011

I was looking at how the example mimedefang-filter handles virii:

    # Copy original message into work directory as an "mbox" file for
    # virus-scanning

    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();

    # Lower level of paranoia - only looks for actual viruses
    $FoundVirus = ($category eq "virus");

    # Higher level of paranoia - takes care of "suspicious" objects
    # $FoundVirus = ($action eq "quarantine");

    if ($FoundVirus) {
        md_graphdefang_log('virus', $VirusName, $RelayAddr);
        md_syslog('warning', "Discarding because of virus $VirusName");
        return action_discard();

in filter_begin(), and was thinking about an alternative approach using filter():

    my($code, $category, $action) = entity_contains_virus($entity);

    # replace the virus attachment with a warning
    if ($category eq "virus") {
        md_syslog('warning', "Eliding because of virus $VirusName");
        return action_replace_with_warning("[ Deleted; found virus: $VirusName ]");

instead.  Anyone see a problem (performance, etc) with that?

Can I drop the "md_copy_orig_msg_to_work_dir_as_mbox_file()" also?

BTW:  Anyone else seeing 3-hour delays between sending a message and getting back the list copy?



More information about the MIMEDefang mailing list