Skip scan for viruses

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jan 30 11:23:22 GMT 2004


At 11:12 30/01/2004, you wrote:
>No, spam can't directly compromise your PC, viruses can.
>
>As it stands it is a gaping security hole in MailScanner.

That's a bit strong....

>Hypothetical example:  User phones, and says "your flipping anti-spam gizmo
>has blocked an email which isn't spam, can you release it?".  You look at
>the logs, see that MailScanner doesn't think it's a virus and release it
>from quarantine.  BOOM!

"MailScanner doesn't think it's a virus" is not the same as "MailScanner
doesn't know if it is a virus or not" which is what is actually happening here.

I need to take a look at this problem again. It would be nice to be able to
switch the evaluation order. It's not a trivial problem (I delay setting up
expensive data structures until the last moment so as not to waste CPU
doing it for messages which might get trashed anyway).

Let me have a think.
I'll get back to you.


>Phil
>
>---------------------------------------------
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
> > On Behalf Of David Hooton
> > Sent: 30 January 2004 11:05
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Skip scan for viruses
> >
> >
> > > So it seems to me that SpamAssassin and its spam checks is more of a CPU
> > > hog than the whole virus scanning process.
> >
> > Depending on your configuration, but here it is...
> >
> > > My thought would be
> > >
> > > if a Virus is dropped before the Spam Scanning can even pick it up, that
> > > would mean less work to the CPU, thus less resources are consumed or am
> > > I making a mistake?
> >
> > This is a very dynamic situation, a little while ago it was suggested that
> > the order be configurable.  I forget where that thread ended, but in
> > situations like we've had this week it certainly would be nice to be able to
> > reverse the process to virus scan first.  _however_ we also have weeks when
> > spam traffic is very significantly higher than virus traffic in which case
> > obviously it would be good to have the other way around.
> >
> > I would really love to see an option for this, it's been asked for before,
> > unless there is a serious security implication or it already exists!
> >
> > Regards,
> >
> > David Hooton
> >
> >
> > ========================================================================
> >  Pain free spam & virus protection by:         www.mailsecurity.net.au
> >  Forward undetected SPAM to:                   spam at mailsecurity.net.au
> > ========================================================================

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


