-----Original Message----- From: alan premselaar [mailto:alien@12inch.com] Sent: Wednesday, February 16, 2005 9:25 AM To: mimedefang@lists.roaringpenguin.com Subject: Re: [Mimedefang] Anyone using File::Scan? ::SNIP:: > I think the change would be good, because up until now, if File::Scan is > installed, it's used. I could see a case where it may be installed but > not desired to be used. Likewise, I have clam installed on my system (in addition to File::Scan), but use clamd, and not clamscan, with MIMEDefang. It didn't take much to disable clamscan in my mimedefang.pl: #$Features{'Virus:CLAMAV'} = ('/usr/local/bin/clamscan' ne '/bin/false' ? '/usr/local/bin/clamscan' : 0); $Features{'Virus:CLAMAV'} = ('/bin/false' ne '/bin/false' ? '/bin/false' : 0); Manually disabling and auto-enabled feature, or re-enabling a disabled formerly auto-enabled featured makes little difference. There are two camps of thought.... One feels the potential for false-positive is greater than the risk of letting a virus slip through. The other feels the risk of a virus is greater than the risk of a false-positive. Taking a stand on either side of that fence would be fodder for an interesting discussion, I'm sure. Which is worse... The company president not getting an email because a false positive flagged one of his incoming emails? Or opening up hundreds (if not thousands) of desktop clients to a virus, with the resulting potentials for loss of productivity and data? We share an Exchange "Global address List" with our parent company. There are a LOT of addresses in there... Just ripe for grabbing by some virus. I suppose if the email to the president or the board of directors, were for an offer to buy the company for $3 billion, he wouldn't want to miss that. Ken