Re: [Exim] libClamAV and local_scan()

From: Tim Jackson
Date:
To: exim-users
Subject: Re: [Exim] libClamAV and local_scan()
Hi Pete, on Fri, 14 Nov 2003 07:16:10 -0800 you wrote:

> Though I believe virus scanning belongs on the client workstation rather
> than the server, I'm being pressured to implement some form of antivirus
> on the mail system I maintain :(


Even if somewhat of an, er, "extension" to the traditional role of an MTA,
centralised scanning is not *such* a bad "solution" to the problem of
e-mail-borne viruses. Whilst not a complete solution, I think I'd rather
catch what I can on a secured *ix server with centralised updates than
letting it all land up on end-user desktops and hoping everyone's got
working, frequent virus signature updates, the virus doesn't do something
that lets it evade/turn off the scanner etc. etc.

> Yes, I'm aware of MailScanner and exiscan - no, I don't want to use
> them.


I think you might have to elaborate on why exactly, if only to alleviate
an ongoing chorus of "why?" and perhaps save some work. What's wrong with
Exiscan? Even if there is some strange reason why you can't use it in your
particular configuration, it seems rather a waste of effort to reimplement
it (or a subset of it) - whatever the problem is that is stopping you
using Exiscan, maybe it would be better to solve that rather than
reinventing the wheel? Or is it not Exiscan but rather the "extra" of a
daemon which you want to eliminate? (You say you want to implement
libclamav calls directly in local_scan, which is fair enough, but is using
clamd/nclamd a big problem?)


You will also not get the other features of Exiscan if you implement a
local_scan solution, which include:

- Elegant ACL configuration

- Attachment blocking, which is particularly significant since blocking a
few extensions will stop >90% of viruses even getting near your virus
scanner, which seems a good first line of defence, especially against
yet-undiscovered viruses.

- ... (I'm not going to retype the Exiscan spec here :)


In other words, although I'm not knocking it, it seems an awful lot of
trouble to go to to write and test your own personal system, particularly
since you seem less-than-convinced about the worthiness of the exercise?


Tim