Re: [Exim] Using SA-Exim and Exiscan at the same time

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc MERLIN
Date:  
À: Tom Kistner, exim-users
Sujet: Re: [Exim] Using SA-Exim and Exiscan at the same time
On Sat, May 11, 2002 at 10:23:23AM +0200, Tom Kistner wrote:

Hi Tom, thanks for your message.

> I'm also interested in cooperation since most people seem to want both
> AV and Antispam. Since SA does not seem to add a very large overhead,
> it may be feasible to do both. (Caveat: see my discussion with MBM).


Agreed.
(I'm still looking at the SA overhead on my system, sometimes it takes a
*long* time, and I think it's because of some DNS queries, I'm trying to pin
down which ones so that I can remove them, but otherwise, it's from 3 to 10
seconds, and probably less if you remove most DNS queries)

> > Ideally, exim should allow local_scan modules (shared libraries) to register
> > with it, and it should then call each module in sequence, so that they don't
> > have to know about one another (just like sendmail does with milters)
>
> That would require Philip to do some work first.


Yep, although I believe we should work with him first, before working around
the existing limitations :-)

> But since SA works on the body too, there would be much less overhead to
> agree on a singe MBOXification of the message and then work on the same
> file ...


You might save on the code a bit, but there is very little overhead in
reading the headers from exim, and pumping the body from disk to the pipe.
I don't store it in memory, so if I have to pass it twice, which I do if you
ask to save rejected messages, I read it twice from disk
Keeping the body in memory would be more efficient, but I'm wary of the
memory usage for big messages, I do'n tthing it's a good idea.

Thinking about it, one optimization is to read the body once and feed it to
both SA and Exiscan as it is being read, but that'd make the code rather
complex (multiple forks, synchronization, and battle between both checkers
to decide who outputs what).
It may be the way to go though

> I did not mention that the "old" exiscan v2 still works perfectly with exim4.
> It does scan outside of the SMTP session, with all the pros and cons
> involved.


That's true, it's also an option.

> I am on holiday until June 1, I'll contact you when I'm back and we can
> sort out the details then. Maybe PH has some ideas regarding the
> modularization of local_scan() ? ;)


Sounds good.
Have fun on your holiday

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key