[Exim] Two local_scan functions - request for comments.

Author: Łukasz Grochal
Date:  
To: exim-users
Old-Topics: [Exim] local_part_suffix redirecting
Subject: [Exim] Two local_scan functions - request for comments.
Hello,

With Exim 4, local_scan API was introduced and it is just too
nice and easy to use not to try it. I just finished testing
two simple local_scan functions I wrote; you'll find them
at <http://www.rotfl.eu.org/exim/>.

local_scan_nai.c  forks a child and runs Network Associates' uvscan.
local_scan_kav.c  connects to Kaspersky's AV daemon via unix socket
                  and tells it to scan the message.


Both functions have received some testing, including some stress
testing, and proved to be stable enough for me to make them publicly
available. They both give permanent error (550) if a virus is found
and temporary error (4xx) if there is some local problem (broken
antivirus software, problems with fork or socket opening).
Comments are welcome.

N.B. A friend of mine asked Wietse Venema, author of Postfix, if he
     would eventually add a functionality similar to local_scan to
     that MTA. Wietse Venema pointed out two things:
  1) With real-time scanning, as done with local_scan function, it's
     much easier to kill your machine with high load when many messages
     are received in a short period of time. This can be avoided with
     Exim by setting smtp_load_reserve (and perhaps the other two
     load-related options) appropriately.
  2) It's possible that such scanning will introduce duplicate messages,
     as described in RFC1047. <ftp://ftp.isi.edu/in-notes/rfc1047.txt>
     I don't believe this is likely to happen unless - again - the
     system is under high load and can't scan the messages fast enough.


Regards,

--
(-) Łukasz Grochal                                  lukie@???
                                                  (for PGP key visit:)
_____________________________________________ http://www.rotfl.eu.org/ __
... all in all it's just another rule in the firewall.       /Ping Flood/
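
The verdict mapping described in the message (550 on a detection, 4xx on any local failure such as a failed fork or a broken scanner), as an added example that is not part of the original post and is not the code of local_scan_nai.c. The verdict names, the exit-code convention (0 clean, 1 infected) and the `/bin/sh` stand-in for the scanner are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical verdicts; a real local_scan() would return Exim's own codes. */
enum verdict { V_ACCEPT, V_REJECT_550, V_TEMPFAIL_4XX };

/* Assumed scanner convention (not uvscan's documented exit codes):
 * exit 0 = clean, exit 1 = infected, anything else = scanner trouble. */
enum verdict scan_verdict(char *const argv[])
{
    int status;
    pid_t r, pid = fork();

    if (pid < 0)
        return V_TEMPFAIL_4XX;        /* fork failed: local problem, retry later */
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                   /* scanner missing or not executable */
    }
    do {                              /* restart waitpid if a signal interrupts it */
        r = waitpid(pid, &status, 0);
    } while (r < 0 && errno == EINTR);

    if (r < 0 || !WIFEXITED(status))
        return V_TEMPFAIL_4XX;        /* scanner crashed or was killed */

    switch (WEXITSTATUS(status)) {
    case 0:  return V_ACCEPT;
    case 1:  return V_REJECT_550;     /* only a positive detection is permanent */
    default: return V_TEMPFAIL_4XX;   /* unknown status never accepts mail */
    }
}

/* Constructed stand-in scanner: a shell one-liner with a chosen outcome. */
enum verdict verdict_for_stub(const char *script)
{
    char *argv[] = { "/bin/sh", "-c", (char *)script, NULL };
    return scan_verdict(argv);
}

int main(void)
{
    const char *cases[] = { "exit 0", "exit 1", "exit 2", "kill -9 $$" };
    for (int i = 0; i < 4; i++)
        printf("%-12s -> %d\n", cases[i], (int)verdict_for_stub(cases[i]));
    return 0;
}
```

Every path other than a clean exit status of 0 or 1 ends in the temporary verdict, so a broken scanner delays mail instead of letting it through unscanned or bouncing it.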