Re: [exim] two stage virus scan

Top Page
Delete this message
Reply to this message
Author: Marten Lehmann
Date:  
To: 
CC: exim-users
Subject: Re: [exim] two stage virus scan
Hello,

> is really a bad idea to send a bounce message for viruses, almost all
> sender addresses are faked and you get the risk to be blacklisted by
> other servers.


but what happens to false positives (which should be very rare)? Then neither
the sender nor the recipient knows what happened to the mail. When I'm
refusing the virus mail at SMTP time, then an error will be generated to the
one that connected to our server. But when the virus mail is refused later in
the mailserver (at transport time), how do I inform the one that connected to
our server then?

> sorry, i mean routers not transports


Sure, but every router ends in one or more transports so I don't see a
difference in this matter.

> > A (very cloddy) way would
> > be to do no interal forwardings/redirects,
>
> that's what verify recipient does


No, "verify = recipient" only checks if there is at least one router that
accepts the email. It doesn't know if one of the recipient is a mailbox that
requires a virus check.

We can scan all incoming emails, this is not performance problem doing this.
We can add a header that marks it as a virus. But how can a certain transport
refuse to deliver such an email?

> But I don't know if this is possible to configure, I think exim
> will grump that target and sender host is the same.
>
> try amavis


But a amavis is old and slow and a separate perl-daemon and just an additional
source of error. And I don't see how it could help me. Our virus scanner can
handle complete emails including zipped attachments and it can be called
through a malware-acl, so I really don't want to use amavis.

Regards
Marten