Mydoom Virus getting Through - High Spam

Kai Schaetzl maillists at CONACTIVE.COM
Thu Feb 12 17:31:36 GMT 2004


Phil Randal wrote on Thu, 12 Feb 2004 12:13:54 -0000:

> Do you have any plans to allow us to virus scan all quarantined emails, even
> when they are high-scoring spam?
>

I've currently set up a test environment because I'm considering moving from a 
milter to MailScanner. And I see exactly what you want: Incoming virus 
messages are scanned by clamav and also detected as spam and then quarantined. 
Or did I misunderstand you? Actually, I would like to see an option where I 
could give a processing order and tell MailScanner to stop scanning when it is 
true.

f.i., a simplified example:

processing order:
filetype stop
spam
virus

would process in that order and stop processing if the message contains a 
forbidden attachment type - and quarantine it. Depending on which order you 
choose it could reduce the resource usage tremendously. F.i. if most mail 
coming in are viruses with certain extensions the order above would already 
grab and stop most mail without virus-scanning and spam-scanning.

Resource usage isn't an issue on low-volume machines, but where you process 
thousands of messages a day you are quite happy when you can stop it at the 
earliest moment with the least possible CPU and mem usage.

Of course, it should be possible that MS continues with the scan if someone 
releases the mail and puts it back in the queue. I assume it would need to add 
an extra header
X-MailScanner-ScanStatus: spam

So this would indicate to restart scanning at that stage. And it would 
probably need another header/measure which lets MailScanner identify that it 
can trust this header.



Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
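
The processing order and trusted status header proposed in the message above, sketched as an added example (not part of the original post and not MailScanner code). The `X-MailScanner-ScanStatus-Sig` header, the HMAC key, the extension list and the stand-in spam/virus checks are assumptions made for illustration.

```python
import hashlib, hmac
from email.message import EmailMessage

SECRET = b"constructed-demo-key"  # assumption: key known only to the scanner host
ORDER = [("filetype", True), ("spam", False), ("virus", False)]  # (stage, stop on hit)
STATUS, SIG = "X-MailScanner-ScanStatus", "X-MailScanner-ScanStatus-Sig"  # SIG is hypothetical

def check_filetype(msg):
    return any((p.get_filename() or "").lower().endswith((".pif", ".scr")) for p in msg.walk())
def check_spam(msg):   # stand-in for a real spam engine
    return "cheap pills" in (msg["Subject"] or "").lower()
def check_virus(msg):  # stand-in for a real virus scanner
    return False
CHECKS = {"filetype": check_filetype, "spam": check_spam, "virus": check_virus}

def sign(msg, stage):
    # Bind the status to this Message-ID so it cannot be copied onto other mail.
    data = f"{msg['Message-ID']}|{stage}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def resume_stage(msg):
    stage, sig = msg.get(STATUS), msg.get(SIG)
    expected = sign(msg, stage).encode()
    if stage in CHECKS and sig and hmac.compare_digest(str(sig).encode(), expected):
        return str(stage)
    return ORDER[0][0]  # absent or forged header: scan from the start

def scan(msg):
    names = [name for name, _ in ORDER]
    ran, hits = [], []
    for name, stop in ORDER[names.index(resume_stage(msg)):]:
        ran.append(name)
        if CHECKS[name](msg):
            hits.append(name)
            if stop:
                break  # quarantine here, skip the costlier stages
    return ran, hits

def release(msg, resume_at):
    # Called when an admin puts a quarantined message back in the queue.
    for header, value in ((STATUS, resume_at), (SIG, sign(msg, resume_at))):
        del msg[header]
        msg[header] = value

def sample(filename, subject="hello"):  # constructed test message
    msg = EmailMessage()
    msg["Message-ID"], msg["Subject"] = "<constructed-1@example.invalid>", subject
    msg.set_content("body")
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=filename)
    return msg
```

A status header that arrives from outside without a valid signature is ignored, so a sender cannot use it to skip the earlier stages.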



