We are getting into all the general questions regarding firewalls here -
or at least a close parallel.
Is it better to protect a network or to make the machines secure etc...
However I am going to ignore that.
There are various ways of getting virus scanning. Probably the cleanest
of which is to put it into the system filter with the perl stuff - don't
worry about the performance hit of perl, you are looking at *really*
serious CPU power for this because you need to decode and open each
message and then apply a scanning engine to it, all of which is seriously
hard work.
Other methods include packages that do the scanning already - used to be
one we tested called Interscan Viruswall which seemed pretty good. I
would handle those by having 2 exims and the scanner running on a server.
One exim accepts mail and smarthosts everything through a SMTP link to the
scanner (running on localhost on a different port), that then fires things
into the second exim (with a separate queue).
Finally, one interesting method would be to freeze *everything* as it
comes in (maybe exclude things that are text/plain only). Then have an
external process that diddles with the queued body files and releases the
freeze should the virus scanner be happy. This would be nice and easy to
setup with exim. It also serialises your checking - which could make
loading an easier issue.
Nigel.
--
[ Nigel.Metheringham@??? - Systems Software Engineer ]
[ Tel : +44 113 207 6112 Fax : +44 113 234 6065 ]
[ Real life is but a pale imitation of a Dilbert strip ]
--
*** Exim information can be found at
http://www.exim.org/ ***