Derrick MacPherson wrote:
> This particular event this weekend one was someone sending a 5
> meg attachment, that in the scan directory was expanding to nearly 60
> megs. Now it takes some time, but it will get scanned, though while it's
> being processed by us, the remote server sends it again. And again, etc.
> Now I'm mainly confused as to why but more in how to stop this.
You could limit the size of the messages you're scanning. The
$message_size variable contains this. Assuming you're using the content
scanning extensions (i.e. using "malware in the DATA ACL) something like
the following may be useful:
deny message = Virus found ($malware_name)
condition = ${if <{$message_size}{8M}}
malware = *
That will skip scanning for messages over 8MB.
Tim
