Re: [exim] two stage virus scan

Pàgina inicial
Delete this message
Reply to this message
Autor: David Saez Padros
Data:  
A: Marten Lehmann
CC: exim-users
Assumpte: Re: [exim] two stage virus scan
Hi !!

>> is really a bad idea to send a bounce message for viruses, almost all
>> sender addresses are faked and you get the risk to be blacklisted by
>> other servers.
>
> but what happens to false positives (which should be very rare)? Then neither
> the sender nor the recipient knows what happened to the mail.


a false positive when checking virus using a commercial virus scanner ?

> When I'm
> refusing the virus mail at SMTP time, then an error will be generated to the
> one that connected to our server. But when the virus mail is refused later in
> the mailserver (at transport time), how do I inform the one that connected to
> our server then?


better don't do that, i personally blacklist anyone doing this and
others do the same. If you want you could inform your users about the
rejection until they complain about it.

>> sorry, i mean routers not transports
>
> Sure, but every router ends in one or more transports so I don't see a
> difference in this matter.


no, redirect routers have no transport

>>> A (very cloddy) way would
>>> be to do no interal forwardings/redirects,
>> that's what verify recipient does
>
> No, "verify = recipient" only checks if there is at least one router that
> accepts the email. It doesn't know if one of the recipient is a mailbox that
> requires a virus check.


the trick with address_data (if it's still available in acl checks after
verify = recipient, which i'm not sure it is) is that you could know if
the recipient forwards email to another email address so you could see
if that one requires or not a virus check. Anyway as a redirection could
generate more than one address and you could also have redirections to
redirections i'm not usre this will work 100%. BTW, this was a topic
discussed by other people and i was only referring to it, you should
read that topic in the archives if you are interested in it.

> We can scan all incoming emails, this is not performance problem doing this.
> We can add a header that marks it as a virus. But how can a certain transport
> refuse to deliver such an email?


if you accept only one recipient per message then you could have one
router for users with virus check with a condition that checks for that
headers and another one for users without virus check.

>> try amavis
>
> But a amavis is old and slow and a separate perl-daemon and just an additional
> source of error. And I don't see how it could help me. Our virus scanner can
> handle complete emails including zipped attachments and it can be called
> through a malware-acl, so I really don't want to use amavis.


i think there is amavis-new also, and it will do all you want. Of course
it's perl ... but it will be easy for you if you don't know how to do
what you want with exim.

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------