ClamAV and Password Protected Bagles

[Julian Field]

At 15:22 04/03/2004, you wrote:
>Julian Field said:
> > At 13:54 04/03/2004, you wrote:
> >> > >If some virus scanners can see viruses by seeing the message as a
> >> whole
> >> > >rather then in parts, it would be nice to come up with something to
> >> let
> >> > >them try.  Maybe it could be an option setting in MailScanner.conf to
> >> > >include or not include the original message when virus scanning.
> >> >
> >> > That will involve yet more I/O, but I'll definitely consider it.
> >>
> >>Could you please make this an option?
> >
> > It's not as trivial to implement as it sounds, as MailScanner scans many
> > messages at once and needs to be able to spot the difference between the
> > message text and any similarly-named attachment. Whatever I decide to call
> > the raw message text, someone will write a virus which contains a harmless
> > attachment called the same thing to try to defeat me. I wonder how (or
> > even
> > if) the Amavis guys have solved this problem?
> >
> > I intend to do a stable release tomorrow and it certainly won't be in
> > that.
> > Too late to start implementing new features now. But I will think about
> > ways of overcoming the problems, something will come to mind. Be warned it
> > will make MailScanner go slower as more I/O will have to be done on the
> > entire message.
>
>But not I guess for those of us using an MTA that only uses a single file,
>like Postfix.

It still has to be copied, regardless of the number of files per message
used by the MTA.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654