ClamAV + MailScanner
Desai, Jason
jase at SENSIS.COM
Thu Mar 18 20:47:16 GMT 2004
I asked for something similar to this a couple weeks ago. Julian said he'd
consider it. It would be nice to have a config option to provide the whole
message to the virus scanners. If I remember, Julian was concerned with
what to name the whole message, and how to differentiate it from a similarly
named attachment. I think he was also concerned with additional I/O this
would add too.
Julian, I know you're busy, but have you had any more thoughts on this
feature? Just curious.
Jason
-----Original Message-----
From: Mariano Absatz [mailto:mailscanner at LISTS.COM.AR]
Sent: Thursday, March 18, 2004 3:29 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] ClamAV + MailScanner
But I'm not talking about using it in daemon mode... what I say is,
either interactively via 'system()' or directly via library (which is
what clamavmodule does), to give clamav access to the message as a whole
_only_ when MailScanner detects an encrypted archive...
I'm very fond of MailScanner's NOT using antivirus engines in daemon
mode.
El 18 Mar 2004 a las 19:48, Peter Bonivart escribió:
> Mariano Absatz wrote:
> > 2) For some time, clamav has had a command line option (I don't know if
> > it's available thru the library, but it should) to scan a mail message.
> > IIRC, MailScanner doesn't use this option, since it has the message
> > processing within it... but, with the latest incarnation of encrypted
zip
> > archives containing viruses, I think clamav is adding some signatures
(or
> > intelligence, or both) to detect this kind of viruses, but, obviously,
it
> > needs the complete message, that I think MailScanner doesn't give it...
> > wouldn't it be nice to be able to handle the whole message to 'clamav --
> > mbox' (or the equivalent library call) if we find an encrypted archive?
>
> I have to disagree, I think the beauty of MS lies in the fact that it
> uses the external components in its most basic way possible which makes
> them perform in the most stable manner. Invoking the scanner to scan a
> batch avoids all potential daemon troubles. Scanning simple attachments
> makes MS support more scanners than otherwise possible.
>
> Using more scanner specific features would make it harder to upgrade the
> scanner for one thing, probably MS would have to be upgraded too. And
> how will we handle scanners not supporting features others do?
>
> If you follow the Clam list, you can see that 90% of all the trouble
> comes from running clam and freshclam in daemon mode and the mbox
> implementation. I quickly delete those posts and feel smart about using
> MS. ;-)
>
> --
> /Peter Bonivart
>
> --Unix lovers do it in the Sun
>
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
> SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25
--
Mariano Absatz
El Baby
----------------------------------------------------------
A flashlight is a case for holding dead batteries.
More information about the MailScanner
mailing list