Hello exim-users,
At the end of last week I moved RAV virus scanner from Postfix to Exim.
Previously Postfix received the messages, passed them through the virus
scanner and send them further to Exim. Unfortunately this approach
wasn't flexible enough.
So I cooked a tiny smtp server in Python that receives the message from
ravpostfix (which receives the message from Exim) and reinjects it into
the exim queue with "exim -oMr rav-scan -bS".
Here's the router and the transport to do the scanning:
rav_scan_router:
driver = manualroute
condition = ${if eq{$received_protocol}{rav-scan} {no} {\
${if >{$message_size}{2M} {no} {yes}}}}
route_list = * localhost
transport = rav_scan_transport
rav_scan_transport:
driver = smtp
transport_filter = /usr/bin/spamc
port = 10025
As you see I don't want to scan messages larger than 2 Megs as I don't
think there are viruses that large being actively distributed (average
size in the quarantine queue now is about 250-300 Kb).
Now the question - are viruses larger than 2 Megs distributed? Should I
increase the size, say to 5 Megs?
Thanks in advance,
--
Kirill Miazine, Stud.Jur. | Don't Fear the Blowfish
Faculty of Law, University of Oslo | http://www.OpenBSD.org/