Re: [exim] options to obsoleted 'demime'?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\OpenMacNews at <-
MMOpenMacNews at ->
Delete this message
Reply to this message
Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [exim] options to obsoleted 'demime'?
On Wed, Sep 28, 2005 at 10:29:26AM -0700, OpenMacNews said:
> hi tom,

> Tom Kistner <tom@???> said:
> >Unpacking MIME and archives for AV checking has very special requirements.
> >The optimum being a complete emulation of Microsoft's MIME libraries
> >(including emulating all of its bugs). It will always be best-effort for
> >us.

Full ACK there.

> >Leave dealing with this stuff to the AV scanners. Their authors have gone
> >great lengths to optimize their decoding/unpacking engines. I do not think
> >it
> >is worth the effort to reinvent THAT wheel :)

The problem is that they are doing the the saem thing, roughly - like
all software authors, they use libraries, and if they fail (like, for
instance, libz only unpacks one type of zip archive), then clam doesn't
unpack it either. If the demime facility does no better, than I guess
you're probably right.

> (b) one of clamav's maintainers (or were you just 'borrowing' the hat,
> stephen?) suggests use of (or at least wish for ...) Exim demime to unpack
> rather than clamav.

No, I do maintain clam for Debian. It's a joy and a pain, but that's
life with software, I guess :)

> >Leave dealing with this stuff to the AV scanners
>
> should there at least be some communication FROM:
> those-who-delve-in-Exim's-depths TO: those-who-delve-in-ClamAV's-depths to
> facilitate the 'fixing' of any shortcomings that we, as floundering
> end-users, might be exposed to?

If exim's demime facility doesn't do a better job at unpacking archives
than the various libraries (libz, libbz, etc), then it's no loss and no
gain either way. I was under the impression exim managed to unpack a
few archives that those libraries missed, but that was a little while
ago - things may have improved.

> or, at least, some an appropriate lying-through-its-teeth Exim marketing
> sheet that convinces us that we won't be beset upon by untold thousands of
> virii? ;-)

If you don't have defer_ok set, clam's failure will 4xx the mail anyway
- no legions of virii to worry about.

Take care,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | There is a multi-legged creature        |
|  steve@???             | crawling on your shoulder.   -- Spock,  |
|  http://www.lobefin.net/~steve | "A Taste of Armageddon", stardate       |
|                       | 3193.9                                  |
--------------------------------------------------------------------------


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Multiple Log Files - Feature RequestRe: [exim] help from mac users please->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)