Block SOBER at MTA (postfix)

Drew Marshall drew at THEMARSHALLS.CO.UK
Sun Dec 4 16:52:35 GMT 2005

On 4 Dec 2005, at 15:49, Julian Field wrote:

>>> Going forward (if the interest exists) i think we ought to  
>>> maintain  this for all supported MTAs and all (possible) new  
>>> virus outbreaks.
>> Agreed. Perhaps we can lift some of the regex's from the Clam  
>> virus  definitions? I have no idea how possible this is/ maybe...
> This sounds remarkably like you are trying to make a virus scanner  
> of your own. You better be sure this is really the sort of thing  
> you want to take on as a project. You'll have users wanting  
> signatures very quickly and stuff like that, before you know where  
> you are.
> Personally I would steer well clear of it, and try out various ways  
> of deploying ClamAV at MTA level if that's what you want to achieve.
> Just my 2p worth...

Re-reading my post it does sound like that doesn't it...

Certainly this is not what I am trying to achieve, however for major  
outbreaks using header/ body checks maybe useful (My ISP uses a  
similar technique on their incoming MTA's). This sort of thing can  
never be a substitute for a real AV product. After all, why re-invent  
the wheel, Clam does rather a good job and if you want MTA scanning  
use clamd direct from your MTA. Most have some form of plugin  


In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list