Re: [Exim] local_scan w spamassasin AND antivirus

Author: Derrick 'dman' Hudson
Date:
To: exim-users
Subject: Re: [Exim] local_scan w spamassasin AND antivirus
--
On Thu, Jun 06, 2002 at 08:31:53AM -0400, Dave C. wrote:
| On Wed, 5 Jun 2002, dman wrote:

|
| > --
| > On Wed, Jun 05, 2002 at 06:58:31PM -0400, Dave C. wrote:
| >
| > | Subject says it all.
| > |
| > | I have a need to do this. If anyone has done it I would love if they
| > | would share their hackery.
| > |
| > | If not then I guess I will try it on my own.

...
| > I don't think that an inefficient implementation would take very
| > long to knock together.

|
| Hrm.. Unfortunately, this is for high-volume mail server.. 'Inefficient'
| may work for testing, but it will surely not do for production..


Spend a little more time and optimize it better :-).  I think the
fastest order of checking would be :
    o   look for traces of executables
        o   if one is found, look for obvious virus signs
            o   reject if found (klez is well-suited for this)
        o   feed through AV
            o   reject as appropriate
    o   check whitelist(s), accept if appropriate
    o   feed small messages (<250K is spamc's default) through SA
        o   reject as appropriate


This way you can (attempt) to perform the least amount of processing
on any given message. I expect the AV software to be the slowest part
(though I have no empirical data to show that) which is why I chose to
avoid the AV scanning as much as possible. (if a message is
single-part and text/plain, it ain't a virus :-))

This is the best I can do.

-D

--

Who can say, "I have kept my heart pure;
I am clean and without sin"?
        Proverbs 20:9


GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
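
The checking order from the message above, as an added Python sketch (not part of the original post, and not Exim's C `local_scan()` interface). It assumes the AV scan is reached only when an executable trace is seen; the extension list, `sample()` messages and the `av_scan`/`sa_check`/`obvious_sign` callables are hypothetical stand-ins for the real scanners.

```python
from email import message_from_bytes
from email.message import EmailMessage

SA_MAX_BYTES = 250 * 1024            # size cutoff quoted in the post
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")  # assumed extension list

def has_executable_trace(msg):
    """Cheap MIME walk: does any part look like an executable attachment?"""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXTS) or part.get_content_type() == "application/x-msdownload":
            return True
    return False

def scan(raw, sender, whitelist, av_scan, sa_check, obvious_sign=lambda msg: False):
    """Return (verdict, stage). av_scan/sa_check/obvious_sign are hypothetical
    callables standing in for the real scanners; each returns True on a hit."""
    msg = message_from_bytes(raw)
    if has_executable_trace(msg):
        if obvious_sign(msg):                 # cheapest rejection first
            return ("reject", "obvious-sign")
        if av_scan(raw):                      # expensive AV only for suspects
            return ("reject", "antivirus")
    # Whitelist comes after the virus checks, so it cannot bypass them.
    if sender.lower() in whitelist:
        return ("accept", "whitelist")
    if len(raw) < SA_MAX_BYTES and sa_check(raw):
        return ("reject", "spamassassin")
    return ("accept", "default")

def sample(attachment=None, body="hello\n"):
    """Build a constructed test message, optionally with a named attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "constructed sample"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"MZ constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    calls = []
    av = lambda raw: calls.append("av") or True
    sa = lambda raw: calls.append("sa") or False
    print(scan(sample(), "a@example.org", set(), av, sa), calls)
    print(scan(sample("invoice.exe"), "a@example.org", {"a@example.org"}, av, sa), calls)
```

A whitelisted sender with an infected attachment is still rejected, and a plain-text message never reaches the AV scanner.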
