[Mimedefang] Virus scanning messages vs. attachments

David F. Skoll dfs at roaringpenguin.com
Fri Nov 18 07:49:22 EST 2011

On Thu, 17 Nov 2011 14:24:50 -0700
Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:


> in filter_begin(), and was thinking about an alternative approach
> using filter():

> instead.  Anyone see a problem (performance, etc) with that?

It'll possibly be slower because you're invoking the scanner multiple
times instead of once.  This won't matter much for daemonized scanners, but
will hurt a lot for command-line scanners.

> Can I drop the "md_copy_orig_msg_to_work_dir_as_mbox_file()" also?

The theory behind that copy is that virus authors might use malformed MIME
messages to evade virus scanning.  So we pass botht he unpacked parts
as seen by MIME::Tools and the original message in case the virus scanner's
MIME parser works differently and sees a virus that might evade MIME::tools
or vice-versa.

It's probably overkill, but copying a file on a ramdisk is pretty cheap so
I'd leave it in.

> BTW:  Anyone else seeing 3-hour delays between sending a message and
> getting back the list copy?

Nope.  I see delays of a few minutes.



More information about the MIMEDefang mailing list