Author: Marco Wessel Date: To: exim-users Subject: Re: [exim] timeout for av_scanner?
> > Indeed, you should maybe not accept huge files without scanning them.
> However, what is the purpose of a virus if it needs a 10MB+ file to be
> propagated to other systems? What I mean is that virus generally don't
> take more than 1MB because if they were, they wouldn't spread fast
> enough or efficiently enough to do what they are designed to do. So
> as a
> general rule of thumb, it is probably quite pointless to scan
> emails of
> more than 1Mb for viruses. It is probably also pointless to scan them
> against spam.
The point, I think, was to protect from viruses that attach to other
files. However, most if not all viruses distributed by e-mail are of
the kind that self-replicate (i.e., worms), and are simply malware
that does nasty things like spam and flood and whatnot. I don't think
I've seen a virus of the kind that attaches itself to your files and
applications in the last 10 years or so. In other words, I think not
scanning files over, say 10MB or so is an acceptable risk to take.