[Exim] size of virus messages

Author: Kirill Miazine
Date:  
To: exim-users
Subject: [Exim] size of virus messages
Hello exim-users,

At the end of last week I moved the RAV virus scanner from Postfix to Exim.
Previously Postfix received the messages, passed them through the virus
scanner and sent them further to Exim. Unfortunately this approach
wasn't flexible enough.

So I cooked a tiny smtp server in Python that receives the message from
ravpostfix (which receives the message from Exim) and reinjects it into
the exim queue with "exim -oMr rav-scan -bS".

Here's the router and the transport to do the scanning:

rav_scan_router:
    driver = manualroute
    condition = ${if eq{$received_protocol}{rav-scan} {no} {\
        ${if >{$message_size}{2M} {no} {yes}}}}
    route_list = * localhost
    transport = rav_scan_transport


rav_scan_transport:
    driver = smtp
    transport_filter = /usr/bin/spamc
    port = 10025


As you see I don't want to scan messages larger than 2 Megs as I don't
think there are viruses that large being actively distributed (average
size in the quarantine queue now is about 250-300 Kb).

Now the question - are viruses larger than 2 Megs distributed? Should I
increase the size, say to 5 Megs?

Thanks in advance,

--
Kirill Miazine, Stud.Jur.           | Don't Fear the Blowfish
Faculty of Law, University of Oslo  | http://www.OpenBSD.org/
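
The re-injection step described in the post ("exim -oMr rav-scan -bS"), as an added example that is not the poster's code: it builds the batch-SMTP input for one scanned message and refuses envelope values that could inject extra commands. The function names, the bare "exim" binary name and the LF line-ending choice are assumptions.

```python
import re
import subprocess

# Flags as quoted in the post; the bare "exim" binary name is an assumption.
EXIM_ARGV = ["exim", "-oMr", "rav-scan", "-bS"]

# Envelope values must not contain whitespace, control characters or angle
# brackets, otherwise they could start a new command line in the batch.
_SAFE = re.compile(r"[^\s<>\x00-\x1f\x7f]*")

def _check(value, allow_empty=False):
    if (not value and not allow_empty) or not _SAFE.fullmatch(value):
        raise ValueError("unsafe envelope value: %r" % (value,))
    return value.encode("ascii")  # non-ASCII raises UnicodeEncodeError (a ValueError)

def build_bsmtp(sender, recipients, message, helo="localhost"):
    """Return the batch-SMTP byte stream for one message (bytes in, bytes out)."""
    if not recipients:
        raise ValueError("no recipients")
    lines = [b"HELO " + _check(helo),
             b"MAIL FROM:<" + _check(sender, allow_empty=True) + b">"]
    lines += [b"RCPT TO:<" + _check(r) + b">" for r in recipients]
    lines.append(b"DATA")
    # Assumption: LF line endings on stdin, so CRLF from the SMTP side is normalised.
    body = message.replace(b"\r\n", b"\n")
    if body.endswith(b"\n"):
        body = body[:-1]
    for line in body.split(b"\n"):
        # Dot-stuffing: a body line starting with "." must not end DATA early.
        lines.append(b"." + line if line.startswith(b".") else line)
    lines += [b".", b"QUIT"]
    return b"\n".join(lines) + b"\n"

def reinject(sender, recipients, message):
    """Pipe the batch into Exim; raises CalledProcessError on a non-zero exit."""
    subprocess.run(EXIM_ARGV, input=build_bsmtp(sender, recipients, message), check=True)

# Constructed sample: the body holds a lone "." followed by an SMTP-looking line.
SAMPLE = b"Subject: test\r\n\r\nline one\r\n.\r\nMAIL FROM:<x@example.org>\r\n"

if __name__ == "__main__":
    print(build_bsmtp("a@example.org", ["b@example.org"], SAMPLE).decode("ascii"))
```

Because the message re-enters Exim with $received_protocol set to rav-scan, the router condition in the post skips it on the second pass, so it is not scanned in a loop.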