Skip scan for viruses

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 11:32:52 GMT 2004


Thanks, Julian.

The other issue is about accurate statistics gathering.

MailScanner rocks.  It and ClamAV have been the only things preventing
MyDoom.A and Mymail.s getting into our corporate network.

I think we should all have a good look at your Amazon wish-list and
contribute.

Cheers,

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: 30 January 2004 11:23
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Skip scan for viruses
>
>
> At 11:12 30/01/2004, you wrote:
> >No, spam can't directly compromise your PC, viruses can.
> >
> >As it stands it is a gaping security hole in MailScanner.
>
> That's a bit strong....
>
> >Hypothethical example:  User phones, and says "your flipping
> anti-spam gizmo
> >has blocked an email which isn't spam, can you release it?".
>  You look at
> >the logs, see that Mailscanner doesn't think it's a virus
> and release it
> >from quarantine.  BOOM!
>
> "MailScanner doesn't think it's a virus" is not the same as
> "MailScanner
> doesn't know if it is a virus or not" which is what is
> actually happening here.
>
> I need to take a look at this problem again. It would be nice
> to be able to
> switch the evaluation order. It's not a trivial problem (I
> delay setting up
> expensive data structures until the last moment so as not to waste CPU
> doing it for messages which might get trashed anyway).
>
> Let me have a think.
> I'll get back to you.
>
>
> >Phil
> >
> >---------------------------------------------
> >Phil Randal
> >Network Engineer
> >Herefordshire Council
> >Hereford, UK
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
[mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of David Hooton
> > Sent: 30 January 2004 11:05
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Skip scan for viruses
> >
> >
> > > So it seems to me that SpamAssassin and its spam checks is
> > more of a CPU
> > > hog than the whole virus scanning process.
> >
> > Depending on your configuration, but here it is...
> >
> > > My thought would be
> > >
> > > if a Virus is dropped before the Spam Scanning can even
> > pick it up, that
> > > would mean less work to the CPU, thus less ressources are
> > consumed or am
> > > I making a mistake?
> >
> > This is a very dynamic situation, a little while ago it was
> > suggested that
> > the order be configurable.  I forget where that thread ended, but in
> > situations like we've had this week it certainly would be
> > nice to be able to
> > reverse the process to virus scan first.  _however_ we also
> > have weeks when
> > spam traffic is very significantly higher than virus traffic
> > in which case
> > obviously it would be good to have the other way around.
> >
> > I would really love to see an option for this, it's been
> > asked for before,
> > unless there is a serious security implication or it already exists!
> >
> > Regards,
> >
> > David Hooton
> >
> >
> > ==============================================================
> > ==========
> >  Pain free spam & virus protection by:
>www.mailsecurity.net.au
>  Forward undetected SPAM to:                   spam at mailsecurity.net.au
>========================================================================

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list