[Mimedefang] Which first: stream_by_x or virus checks?
kelson at speed.net
Thu Oct 18 12:59:03 EDT 2007
David F. Skoll wrote:
> First of all, you should scan for viruses before streaming and discard
> if you see a virus.
If it were just viruses, that would make things simple, but we've added
the third-party SaneSecurity and MSRBL signatures. These use the ClamAV
engine to identify certain types of spam, and while they work very well,
there are occasionally false positives, and I'm reluctant to silently
So for now, I'm discarding some hits and rejecting others.
> But if you detect a streamed-and-remailed message, you can omit virus-scanning.
I have no idea why I didn't think of that. Chalk it up to looking at it
late in the day. Thanks!
> I would not recommend allowing end-user control over virus settings. It's
> far too dangerous.
Oh, agreed! I was thinking in terms of the response to those
third-party signatures. We've had the occasional customer insist on
disabling SpamAssassin entirely (one of whom proceeded to forget he had
done so, and complained bitterly about all the spam he was getting when
he canceled his account). There are people who would rather wade
through the spam themselves than risk losing something because their
mail provider made a mistake in filtering.
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang