[Mimedefang] Which first: stream_by_x or virus checks?

Kelson kelson at speed.net
Thu Oct 18 12:59:03 EDT 2007


David F. Skoll wrote:
> First of all, you should scan for viruses before streaming and discard
> if you see a virus.

If it were just viruses, that would make things simple, but we've added 
the third-party SaneSecurity and MSRBL signatures.  These use the ClamAV 
engine to identify certain types of spam, and while they work very well, 
there are occasionally false positives, and I'm reluctant to silently 
discard them.

So for now, I'm discarding some hits and rejecting others.

> But if you detect a streamed-and-remailed message, you can omit virus-scanning.

I have no idea why I didn't think of that.  Chalk it up to looking at it 
late in the day.  Thanks!

> I would not recommend allowing end-user control over virus settings.  It's
> far too dangerous.

Oh, agreed!  I was thinking in terms of the response to those 
third-party signatures.  We've had the occasional customer insist on 
disabling SpamAssassin entirely (one of whom proceeded to forget he had 
done so, and complained bitterly about all the spam he was getting when 
he canceled his account).  There are people who would rather wade 
through the spam themselves than risk losing something because their 
mail provider made a mistake in filtering.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>


More information about the MIMEDefang mailing list