Re: [Exim] Re: the Klez virus

Author: Patrice Fournier
Date:  
To: exim-users, Matthew Byng-Maddick
Subject: Re: [Exim] Re: the Klez virus
Quoting Matthew Byng-Maddick <exim@???>:

> I mentioned before on this list that I think you'd have to be
> criminally insane to want to scan mail for viruses on SMTP incoming.
> Spam != Virus mail. If you want to try scanning for something, you
> may want to scan 42.zip (a copy of which you can find at
> http://colon.colondot.net/~mbm/42.zip)


If one has the right checks, it can go well.

The latest Exim does have a local_scan_timeout so we can make sure we will
respond by x seconds to the remote host so if we set this value correctly,
we should never see a double because of a long scan... I'm not sure Exim
kills the child so the load may still get high on the machine.

One can also have checks in the local_scan function, I have not yet
integrated amavis to local_scan, but scanning a message containing 42.zip
did return in about 3 seconds with a temporary error. Of course a
temporary error would mean the message will come back over and over but at
least, it won't take the machine to the ground... And one can decide it
doesn't want this kind of message and return a hard error when that kind of
protection gets triggered...

Another possibility would be for the local_scan function to have its own
timeout and if it reaches it, set a new header and return ok to Exim. Then
have a router that checks for that header and restart/complete the check
using the traditional method. There are ways to do some of the checks
during delivery and still be safe.



--
Patrice Fournier
pfournier@???
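
An added example, not from the original post and not Exim code: a deadline wrapper of the kind a local_scan function could use to bound one scanner run. On expiry it kills the scanner's whole process group, so the load does not outlive the SMTP answer, and returns a deferred verdict that the caller can map to a temporary error or to "set a header and accept". The verdict names, the exit-code convention (0 clean, 1 infected) and the scanner command line are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical verdicts; Exim's own local_scan() return codes are not used here. */
enum verdict { SCAN_CLEAN, SCAN_INFECTED, SCAN_DEFERRED, SCAN_ERROR };

static double now(void)
{
    struct timespec t;
    clock_gettime(CLOCK_MONOTONIC, &t);   /* immune to wall-clock jumps */
    return (double)t.tv_sec + t.tv_nsec / 1e9;
}

/* Run the scanner under a hard deadline. On expiry the whole process group
   is killed, so an archive bomb stops consuming CPU once we have answered. */
enum verdict scan_with_deadline(char *const argv[], double timeout_secs)
{
    pid_t pid = fork();
    if (pid < 0) return SCAN_ERROR;
    if (pid == 0) {
        setpgid(0, 0);                    /* own group: unpackers die with it */
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    setpgid(pid, pid);                    /* same call in parent closes the race */
    double deadline = now() + timeout_secs;
    struct timespec nap = { 0, 20 * 1000 * 1000 };
    int status;
    for (;;) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid) break;
        if (r < 0) return SCAN_ERROR;
        if (now() >= deadline) {
            kill(-pid, SIGKILL);
            waitpid(pid, &status, 0);     /* reap, leave no zombie */
            return SCAN_DEFERRED;         /* caller: tempfail, or tag and accept */
        }
        nanosleep(&nap, NULL);
    }
    if (!WIFEXITED(status)) return SCAN_ERROR;
    /* Assumed scanner convention: exit 0 = clean, 1 = infected. */
    switch (WEXITSTATUS(status)) {
    case 0:  return SCAN_CLEAN;
    case 1:  return SCAN_INFECTED;
    default: return SCAN_ERROR;
    }
}
```

The wrapper's own deadline should be shorter than local_scan_timeout so that the function, not Exim, decides what happens when the scan runs long.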