On Sat, Jan 10, 2004 at 08:39:39PM -0700, Michael Loftis wrote: > ># mailscanner system, works with Postfix and other MTAs. This uses > >unsupported methods to manipulate Postfix queue files, and there are > >multiple reports of message duplication and/or delivery of truncated > >messages. > > It isn't exactly supported nor unsupported....
anything that manipulates postfix queue files directly is definitely unsupported. Wietse Venema (postfix's author) strongly recommends against using any such tools as the exact format and structure of the postfix queues is considered internal to postfix and is subject to change at any time without notice. > Basically it relies on the fact that postfix can be told to use deferred > transports on inbound, automatically forcing everything to go into the > deferred queue. You run one copy of postfix in that mode. it also relies on the queue file format and queue directory structure not changing, which is explicitly denied by the postfix author. > > MailScanner catches about 30% more 'dangerous content' and virii than > amavisd-new given the same virus scanner because MS seems to unpack more > thoroughly/properly. the fact is, if you want to block viruses your best bet is to use body and mime-header checks to block all executable attachments. very few users really need to email an executable, and those that do can be taught to zip it up first. trojans inside zip files etc may still get through, so you still need a scanner....but by blocking executables you are greatly reducing the amount of work that the AV scanner has to do, and this greatly reducing the load on the server. also, trojans aren't anywhere near as much of a problem as viruses as they require active user stupidity (to run them) rather than just passive user stupidity (running outlook). craig
