ClamAV + MailScanner

[Peter Bonivart]

Mariano Absatz wrote:
> 2) For some time, clamav has had a command line option (I don't know if
> it's available thru the library, but it should) to scan a mail message.
> IIRC, MailScanner doesn't use this option, since it has the message
> processing within it... but, with the latest incarnation of encrypted zip
> archives containing viruses, I think clamav is adding some signatures (or
> intelligence, or both) to detect this kind of viruses, but, obviously, it
> needs the complete message, that I think MailScanner doesn't give it...
> wouldn't it be nice to be able to handle the whole message to 'clamav --
> mbox' (or the equivalent library call) if we find an encrypted archive?

I have to disagree, I think the beauty of MS lies in the fact that it
uses the external components in its most basic way possible which makes
them perform in the most stable manner. Invoking the scanner to scan a
batch avoids all potential daemon troubles. Scanning simple attachments
makes MS support more scanners than otherwise possible.

Using more scanner specific features would make it harder to upgrade the
scanner for one thing, probably MS would have to be upgraded too. And
how will we handle scanners not supporting features others do?

If you follow the Clam list, you can see that 90% of all the trouble
comes from running clam and freshclam in daemon mode and the mbox
implementation. I quickly delete those posts and feel smart about using
MS. ;-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25