Mydoom Virus getting Through - High Spam

Kai Schaetzl maillists at CONACTIVE.COM
Thu Feb 12 17:31:36 GMT 2004

Phil Randal wrote on         Thu, 12 Feb 2004 12:13:54 -0000:

> Do you have any plans to allow us to virus scan all quarantined emails, even
> when they are high-scoring spam?

I've currently set up a test environment because I'm considering moving from a 
milter to MailScanner. And I see exactly what you want: Incoming virus 
messages are scanned by clamav and also detected as spam and then quarantined. 
Or did I misunderstand you? Actually, I would like to see an option where I 
could give a processing order and tell Mailscanner to stop scanning when it is 

f.i., a simplified example:

processing order:
filetype stop

would process in that order and stop processing if the message contains a 
forbidden attachment type - and quarantine it. Depending on which order you 
choose it could reduce the ressource usage tremendously. F.i. if most mail 
coming in are viruses with certain extensions the order above would already 
grab and stop most mail without virus-scanning and spam-scanning.

Ressource usage isn't an issue on low-volume machines, but where you process 
thousands of messages a day you are quite happy when you can stop it at the 
earliest moment with the least possible CPU and mem usage.

Of course, it should be possible that MS continues with the scan if someone 
releases the mail and puts it back in the queue. I assume it would need to add 
an extra header
X-MailScanner-ScanStatus: spam

So this would indicate to restart scanning at that stage. And it would 
probably need another header/measure which lets MailScanner identify that it 
can trust this header.



Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services:
IE-Center: &

More information about the MailScanner mailing list