ClamAV + MailScanner

Desai, Jason jase at SENSIS.COM
Thu Mar 18 20:47:16 GMT 2004 

I asked for something similar to this a couple weeks ago.  Julian said he'd
consider it.  It would be nice to have a config option to provide the whole
message to the virus scanners.  If I remember, Julian was concerned with
what to name the whole message, and how to differentiate it from a similarly
named attachment.  I think he was also concerned with additional I/O this
would add too.

Julian, I know you're busy, but have you had any more thoughts on this
feature?  Just curious.

Jason

-----Original Message-----
From: Mariano Absatz [mailto:mailscanner at LISTS.COM.AR] 
Sent: Thursday, March 18, 2004 3:29 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] ClamAV + MailScanner


But I'm not talking about using it in daemon mode... what I say is, 
either interactively via 'system()' or directly via library (which is 
what clamavmodule does), to give clamav access to the message as a whole 
_only_ when MailScanner detects an encrypted archive...

I'm very fond of MailScanner's NOT using antivirus engines in daemon 
mode.

El 18 Mar 2004 a las 19:48, Peter Bonivart escribió:

> Mariano Absatz wrote:
> > 2) For some time, clamav has had a command line option (I don't know if
> > it's available thru the library, but it should) to scan a mail message.
> > IIRC, MailScanner doesn't use this option, since it has the message
> > processing within it... but, with the latest incarnation of encrypted
zip
> > archives containing viruses, I think clamav is adding some signatures
(or
> > intelligence, or both) to detect this kind of viruses, but, obviously,
it
> > needs the complete message, that I think MailScanner doesn't give it...
> > wouldn't it be nice to be able to handle the whole message to 'clamav --
> > mbox' (or the equivalent library call) if we find an encrypted archive?
> 
> I have to disagree, I think the beauty of MS lies in the fact that it
> uses the external components in its most basic way possible which makes
> them perform in the most stable manner. Invoking the scanner to scan a
> batch avoids all potential daemon troubles. Scanning simple attachments
> makes MS support more scanners than otherwise possible.
> 
> Using more scanner specific features would make it harder to upgrade the
> scanner for one thing, probably MS would have to be upgraded too. And
> how will we handle scanners not supporting features others do?
> 
> If you follow the Clam list, you can see that 90% of all the trouble
> comes from running clam and freshclam in daemon mode and the mbox
> implementation. I quickly delete those posts and feel smart about using
> MS. ;-)
> 
> --
> /Peter Bonivart
> 
> --Unix lovers do it in the Sun
> 
> Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
> SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2, MailStats 0.25


--
Mariano Absatz
El Baby
----------------------------------------------------------
A flashlight is a case for holding dead batteries.

More information about the MailScanner mailing list