On Wed, 2 Jul 2008, John Jetmore wrote: > > > Postini claims their mail filtering works this way. They have X scanning > subsystems (at least one spam and one virus, but my understanding is > multiples of each). When a chunk of data comes in off the wire they feed > that chunk into each of the subsystems. Those subsystems may or may nor > choose to analyze that chunk of data or wait until it has more data. When > it has enough data to make a decision it can return a verdict at any point > in the exchange, even if it hasn't seen the entire message (for instance, > once it has enough data to see a mime boundary, that or the next chunk > containing the start of the file might be enough to see a virus > signature). I'm not sure if one positive subsystem is enough to flag the > entire message, but once enough subsystems have marked it as bad, the MTA > can start binning the incoming data stream until the dot is sent and they > can tell the sender it's rejected. >
This sounds about right ($dayjob is a postini reseller) > Obviously Postini is highly motivated to do this well and efficiently and I would hope so - but I've also seen situations where they are way behind the curve on. > I'm not suggesting Exim should be able to do this, just pointing out that > it can and has been done. Of course, Postini has written all of their own > subsystems too, they don't just plug into a out of the box clamav or > spamassassin... > Yup. It's all proprietary, as far as I know. -- -------------------------------------------------------- Dave Lugo [EMAIL PROTECTED] LC Unit #260 TINLC Have you hugged your firewall today? No spam, thanks. -------------------------------------------------------- Are you the police? . . . . No ma'am, we're sysadmins. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
