Questions about how MailScanner deals with mails to be quarantined

James Ogley james.ogley at PINNACLE.CO.UK
Tue Dec 2 17:07:31 GMT 2003

[Disclaimer: I'm approaching this from the POV of how MAILsweeper does

> But there can be many reasons, often at least 3 (HTML exploit trying to
> load a .pif which has a virus in it, for example). What then?

Then the 'big' issue is that it's a virus.

> But then what do you do with large executables? You have conflicting
> requests, which is kinda hard to code.

MAILsweeper allows you to order by priority the things it scans for, so
in our case, large file checks come before executables, but after viruses
(virus being the most important thing to check for, but once we're
confident it's not virus-laden, we check the size, and if it's too
big, stop there so we don't have to load it into memory to check its
content again).

If it's stopped, we examine the mail to determine whether it should be
released to the recipient, and part of that is seeing it's an
executable, and dealing accordingly with that information.
James Ogley, Unix Systems Administrator, Pinnacle Insurance Plc
Work: james.ogley at +44 (0) 20 8731 3619
Personal: james at
Updated GNOME RPMs for SuSE Linux:
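
The priority ordering described in the message above, as an added Python example (not MAILsweeper or MailScanner code, and not part of the original post): checks run in a fixed order and the first hit becomes the reported reason. The `Attachment` type, the 5 MB limit, the `virus_hit` field standing in for an anti-virus verdict, and the sample attachments are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

MAX_BYTES = 5 * 1024 * 1024          # assumed site limit, not from the post
EXEC_MAGIC = (b"MZ", b"\x7fELF")     # DOS/PE and ELF file signatures

@dataclass
class Attachment:                     # hypothetical type for this example
    name: str
    size: int                         # from message metadata, no body read
    load: Callable[[], bytes]         # pulls the body into memory on demand
    virus_hit: Optional[str] = None   # stand-in for an AV engine verdict

def check_virus(a):
    return f"virus: {a.virus_hit}" if a.virus_hit else None

def check_size(a):
    return f"too large: {a.size} bytes" if a.size > MAX_BYTES else None

def check_executable(a):
    return "executable" if a.load().startswith(EXEC_MAGIC) else None

# Priority order described in the message: virus, then size, then executable.
CHECKS = [check_virus, check_size, check_executable]

def quarantine_reason(a):
    """Return the highest-priority reason to stop the mail, or None."""
    for check in CHECKS:
        reason = check(a)
        if reason:
            return reason             # lower-priority checks never run
    return None

def run_samples():
    """Constructed attachments; returns (reasons by name, body loads)."""
    loads = []
    def body(data):
        def load():
            loads.append(data)
            return data
        return load
    samples = [
        Attachment("photo.pif", 2048, body(b"MZ\x90"), virus_hit="constructed-sig"),
        Attachment("installer.exe", 40 * 1024 * 1024, body(b"MZ\x90")),
        Attachment("tool.exe", 4096, body(b"MZ\x90")),
        Attachment("notes.txt", 120, body(b"hello")),
    ]
    return {s.name: quarantine_reason(s) for s in samples}, len(loads)
```

Of the four constructed samples, only the two small files have their bodies loaded; the infected file and the oversized executable are stopped before the content check runs.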
