Re: [AMaViS-user] sanesecurity sigs and bounce_killer ?

Sat, 18 Apr 2009 16:34:49 -0700 

Henrik,

> > > > Perhaps a good compromise is to only do MIME decoding but no other
> > > > archives decoding, and let a virus scanner also see the complete
> > > > message:
> > > > @decoders = ();
> > > > @keep_decoded_original_maps = (new_RE( qr'^MAIL$' ));

> It does not work optimally. Even with @decoders empty (no do_mime_decode),
> it still writes all the parts to disk. There is no need to waste resources
> on scanning all parts, modern scanners are happy with only the whole mail.

So give them only a file email.txt to scan, instead of the
complete ./parts/ subdirectory. For example with clamd, replace
  "CONTSCAN {}\n"
with:
  "CONTSCAN {}/../email.txt\n"
remembering that {} is expanded to a tempdir/parts/ path.

This would make clamd only see the original mail, and ignore any
decoded parts in a subdirectory parts/ that might be provided by amavisd.

Now, a decision to do MIME decoding, and further decoding of archives,
would only depend on whether such decoding is needed for other purposes:
- MIME decoding is needed for bounce killer to work;
- MIME decoding (and possibly further decoding) is needed for banning
  rules to work, it provides the necessary information for them;
- all decoding paralleling the decoding in a virus scanner may be needed
  to protecty a virus scanner from mail bombs. Whether this is necessary or
  not depends ona virus scanner, some of them can take care of themselves,
  others (especially older versions) cannot.

Mark


------------------------------------------------------------------------------
Stay on top of everything new and different, both inside and 
around Java (TM) technology - register by April 22, and save
$200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
300 plus technical and hands-on sessions. Register today. 
Use priority code J9JMT32. http://p.sf.net/sfu/p
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to