Virus scanning spam
Julian Field
mailscanner at ecs.soton.ac.uk
Fri May 28 01:53:14 IST 2004
I need to look at the whole area of handling a quarantine of virus-checked
spam files. And control over the order of virus-scanning vs. spam
-scanning. If the virus checking was done first, you could delete the
message before the spam scanning code got it, wihch would mean you could
then only archive uninfected messages for example.
This isn't as easy to do as maybe it should be, I never considered needing
to reverse the order when I designed the code architecture in the first place.
It would be even better if it could perhaps automatically switch order
depending on the current trend in email state. So normally it could run in
spam-then-virus order, but then detect a rise in the number of viruses and
switch to virus-then-spam order for extra speed during a large outbreak.
Normally spam-then-virus is faster if you delete or quarantine raw spam, as
you avoid virus scanning it altogether.
This isn't going to happen this week or any time soon like that, I need to
have a long think first to get the architecture right.
At 00:54 28/05/2004, you wrote:
>I'm glad you agree... the only way there would be a point in it would be to
>put the results in the quarantine only if it's not a virus. I don't believe
>in quarantining known viruses, but I *do* think it's useful to hold on to(at
>least temporarily) known non-viral spam if only to avoid the perils of the
>rarely occurring false positive.
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
>Of Julian Field
>Sent: Thursday, May 27, 2004 2:40 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Virus scanning spam
>
>
>At 20:31 27/05/2004, you wrote:
> > >From the MAQ:
> >
> >"16- Hey, MailScanner doesn't scan high scoring spam (or something I don't
> >"deliver")!
> >Anything which is not delivered or forwarded is not virus scanned. Here is
> >an explanation and workaround. Pretty simple, instead of not delivering,
> >do a store to an alias pointing to /dev/null. Thanks to Phil and Kai :)."
> >
> >Question: If the logical decision to do this is exactly as outlined in the
> >previous paragraph, (I don't do Perl so it would be difficult for me to
> >know), could one change the option to "anything that isn't delivered,
> >forwarded or stored" so that it would scan even high scoring spam that's
> >stored in the quarantine?
>
>I intentionally only ever put untouched mail in the quarantine. There isn't
>much point virus scanning something, throwing away the original content,
>and putting the results in the quarantine.
>--
>Julian Field
>www.MailScanner.info
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>-------------------------- MailScanner list ----------------------
>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/ and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>-------------------------- MailScanner list ----------------------
>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/ and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list