Skip scan for viruses
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 13:00:52 GMT 2004
OK folks, I reckon Julian's far more deserving of honours than Sir Bill.
UK citizens might like to download the form at
http://www.cabinet-office.gov.uk/ceremonial/index/nomination.htm
and do their bit.
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: 30 January 2004 11:54
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Skip scan for viruses
>
>
> At 11:32 30/01/2004, you wrote:
> >Thanks, Julian.
> >The other issue is about accurate statistics gathering.
> >MailScanner rocks. It and ClamAV have been the only things
> preventing
> >MyDoom.A and Mymail.s getting into our corporate network.
>
> Wonderful!
>
> I would possibly end up scanning everything, but as I say
> it's going to
> take some considerable thought. The current architecture
> rolls along the
> message batch data structures quite well, I need to start
> drawing stuff to
> work out an alternative top-level architecture that could do
> this. And then
> be able to switch between the two.
>
> It would be cool if I could make it automatically switch
> modes depending on
> the current mail activity, so when it starts seeing loads of
> viruses it
> does virus scanning first, but normally runs the other way
> round (lots of
> people don't deliver spam at all, which cuts down the load
> considerably as
> it is not virus-scanned). Whether that is possible or not, I
> haven't a clue
> at the moment. But as I said, I think it would be cool.
>
> >I think we should all have a good look at your Amazon wish-list and
> >contribute.
>
> Sorry there aren't many cheap things on it at the moment. You
> could either
> club together, or else just think up something you reckon I
> might like. I'm
> sure I like loads of stuff that's not on my list, I just
> don't know it yet.
>
> And if anyone fancies writing to the Queen and nominating me
> for the Honors
> list, that would go down well too!
> I didn't make the Open Source Initiative awards, not the Jan
> 2004 round
> anyway. Next lot are due in April. Maybe I'll have better
> luck next time.
>
> > > -----Original Message-----
> > > From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > Behalf Of Julian Field
> > > Sent: 30 January 2004 11:23
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: Skip scan for viruses
> > >
> > >
> > > At 11:12 30/01/2004, you wrote:
> > > >No, spam can't directly compromise your PC, viruses can.
> > > >
> > > >As it stands it is a gaping security hole in MailScanner.
> > >
> > > That's a bit strong....
> > >
> > > >Hypothethical example: User phones, and says "your flipping
> > > anti-spam gizmo
> > > >has blocked an email which isn't spam, can you release it?".
> > > You look at
> > > >the logs, see that Mailscanner doesn't think it's a virus
> > > and release it
> > > >from quarantine. BOOM!
> > >
> > > "MailScanner doesn't think it's a virus" is not the same as
> > > "MailScanner
> > > doesn't know if it is a virus or not" which is what is
> > > actually happening here.
> > >
> > > I need to take a look at this problem again. It would be nice
> > > to be able to
> > > switch the evaluation order. It's not a trivial problem (I
> > > delay setting up
> > > expensive data structures until the last moment so as not
> to waste CPU
> > > doing it for messages which might get trashed anyway).
> > >
> > > Let me have a think.
> > > I'll get back to you.
> > >
> > >
> > > >Phil
> > > >
> > > >---------------------------------------------
> > > >Phil Randal
> > > >Network Engineer
> > > >Herefordshire Council
> > > >Hereford, UK
> > > >
> > > > > -----Original Message-----
> > > > > From: MailScanner mailing list
> >[mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > > > Behalf Of David Hooton
> > > > Sent: 30 January 2004 11:05
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: Re: Skip scan for viruses
> > > >
> > > >
> > > > > So it seems to me that SpamAssassin and its spam checks is
> > > > more of a CPU
> > > > > hog than the whole virus scanning process.
> > > >
> > > > Depending on your configuration, but here it is...
> > > >
> > > > > My thought would be
> > > > >
> > > > > if a Virus is dropped before the Spam Scanning can even
> > > > pick it up, that
> > > > > would mean less work to the CPU, thus less ressources are
> > > > consumed or am
> > > > > I making a mistake?
> > > >
> > > > This is a very dynamic situation, a little while ago it was
> > > > suggested that
> > > > the order be configurable. I forget where that thread
> ended, but in
> > > > situations like we've had this week it certainly would be
> > > > nice to be able to
> > > > reverse the process to virus scan first. _however_ we also
> > > > have weeks when
> > > > spam traffic is very significantly higher than virus traffic
> > > > in which case
> > > > obviously it would be good to have the other way around.
> > > >
> > > > I would really love to see an option for this, it's been
> > > > asked for before,
> > > > unless there is a serious security implication or it
> already exists!
> > > >
> > > > Regards,
> > > >
> > > > David Hooton
> > > >
> > > >
> > > > ==============================================================
> > > > ==========
> > > > Pain free spam & virus protection by:
> > >www.mailsecurity.net.au
> > > Forward undetected SPAM to:
> spam at mailsecurity.net.au
> >
> >=============================================================
> ===========
> >
> >--
> >Julian Field
> >www.MailScanner.info
> >MailScanner thanks transtec Computers for their support
> >
> >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
More information about the MailScanner
mailing list