ClamAV and Password Protected Bagles

Julian Field mailscanner at ecs.soton.ac.uk
Wed Mar 3 22:50:30 GMT 2004


At 22:32 03/03/2004, you wrote:
>Kevin Spicer wrote:
>>On Wed, 2004-03-03 at 22:10, Lindsay Snider wrote:
>>
>>>amavisd was patched to fix all of this mess by making the original email
>>>available in the 'parts' directory.  If mailscanner dropped the original
>>>email in to be scanned, the virus scanner may be able to do the hard work.
>>>-lindsay
>>
>>On the other hand the virus scanner will attempt to unpack the parts
>>too.  I use three virus scanners so that means the original email would
>>get unpacked 4 times.
>
>
>If some virus scanners can see viruses by seeing the message as a whole
>rather than in parts, it would be nice to come up with something to let
>them try.  Maybe it could be an option setting in MailScanner.conf to
>include or not include the original message when virus scanning.

That will involve yet more I/O, but I'll definitely consider it.

>>We're already unzipping things 4 times now!
>
>Do you happen to use /dev/shm?  If not, it may make the email explosions
>less painful.

Most people already use tmpfs or BSD softupdates. Using /dev/shm itself is
not necessary; it's tmpfs you are trying to get.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


