ClamAV + MailScanner
Mariano Absatz
mailscanner at LISTS.COM.AR
Thu Mar 18 20:28:30 GMT 2004
But I'm not talking about using it in daemon mode... what I say is,
either interactively via 'system()' or directly via library (which is
what clamavmodule does), to give clamav access to the message as a whole
_only_ when MailScanner detects an encrypted archive...
I'm very fond of MailScanner's NOT using antivirus engines in daemon
mode.
El 18 Mar 2004 a las 19:48, Peter Bonivart escribió:
> Mariano Absatz wrote:
> > 2) For some time, clamav has had a command line option (I don't know if
> > it's available thru the library, but it should) to scan a mail message.
> > IIRC, MailScanner doesn't use this option, since it has the message
> > processing within it... but, with the latest incarnation of encrypted zip
> > archives containing viruses, I think clamav is adding some signatures (or
> > intelligence, or both) to detect this kind of viruses, but, obviously, it
> > needs the complete message, that I think MailScanner doesn't give it...
> > wouldn't it be nice to be able to handle the whole message to 'clamav --
> > mbox' (or the equivalent library call) if we find an encrypted archive?
>
> I have to disagree, I think the beauty of MS lies in the fact that it
> uses the external components in its most basic way possible which makes
> them perform in the most stable manner. Invoking the scanner to scan a
> batch avoids all potential daemon troubles. Scanning simple attachments
> makes MS support more scanners than otherwise possible.
>
> Using more scanner specific features would make it harder to upgrade the
> scanner for one thing, probably MS would have to be upgraded too. And
> how will we handle scanners not supporting features others do?
>
> If you follow the Clam list, you can see that 90% of all the trouble
> comes from running clam and freshclam in daemon mode and the mbox
> implementation. I quickly delete those posts and feel smart about using
> MS. ;-)
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
> SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
--
Mariano Absatz
El Baby
----------------------------------------------------------
A flashlight is a case for holding dead batteries.
More information about the MailScanner
mailing list