Re: [Exim] local_scan w spamassasin AND antivirus

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Derrick 'dman' Hudson
Fecha:  
A: exim-users
Asunto: Re: [Exim] local_scan w spamassasin AND antivirus
--
On Thu, Jun 06, 2002 at 08:31:53AM -0400, Dave C. wrote:
| On Wed, 5 Jun 2002, dman wrote:

|
| > --
| > On Wed, Jun 05, 2002 at 06:58:31PM -0400, Dave C. wrote:
| >
| > | Subject says it all.
| > |
| > | I have a need to do this. If anyone has done it I would love if they
| > | would share their hackery.
| > |
| > | If not then I guess I will try it on my own.

...
| > I don't think that an inefficient implementation would take very
| > long to knock together.

|
| Hrm.. Unfortunately, this is for high-volume mail server.. 'Inefficient'
| may work for testing, but it will surely not do for production..


Spend a little more time and optimize it better :-).  I think the
fastest order of checking would be :
    o   look for traces of executables
        o   if one is found, look for obvious virus signs
            o   reject if found (klez is well-suited for this)
        o   feed through AV
            o   reject as appropriate
    o   check whitelist(s), accept if appropriate
    o   feed small messages (<250K is spamc's default) through SA
        o   reject as approprieate


This way you can (attempt) to perform the least amount of processing
on any given message. I expect the AV software to be the slowest part
(though I have no empirical data to show that) which is why I chose to
avoid the AV scanning as much as possible. (if a message is
single-part and text/plain, it aint't a virus :-))

This is the best I can do.

-D

--

Who can say, "I have kept my heart pure;
I am clean and without sin"?
        Proverbs 20:9


GnuPG key : http://dman.ddts.net/~dman/public_key.gpg

--
[ Content of type application/pgp-signature deleted ]
--