[Mimedefang] Virus scanning messages vs. attachments

Kevin A. McGrail KMcGrail at PCCC.com
Fri Nov 18 11:09:12 EST 2011

On 11/18/2011 7:49 AM, David F. Skoll wrote:
> The theory behind that copy is that virus authors might use malformed 
> MIME messages to evade virus scanning. So we pass botht he unpacked 
> parts as seen by MIME::Tools and the original message in case the 
> virus scanner's MIME parser works differently and sees a virus that 
> might evade MIME::tools or vice-versa. It's probably overkill, but 
> copying a file on a ramdisk is pretty cheap so I'd leave it in. 
The extra checks in MD combined with things like bad file parts, etc. 
has really helped stop emerging viruses before traditional scanner 
signatures are updated.  I would recommend the solution remain as-is.


More information about the MIMEDefang mailing list