Noel J. Bergman wrote:
Having looked into this a bit ago, I wouldn't say the OpenAV code is exactly how I would have designed it... you run a daemon that you TCP into and send the files through. This might be a nice design if you want to off-load the processing to another box (or cluster them since like Jason says, Virus scanning can take a huge load), but it doesn't make it very easy to bundle.Consider this: http://help.rr.com/getpage.asp?/faqs/e_mgsp.html. From what I read, 80% of corporate mail servers now incorporate some form of virus detection.It would be nice if James had a matcher capable of virus detection. I came across this article http://online.securityfocus.com/infocus/1650, and the associated OpenAV project at www.openantivirus.org. Imagine my pleasure at finding that the official projects, ScannerDaemon, VirusHammer and PatternFinder, are written in Java. The project page mentions GPL, but their SourceForge.net page mentions that it is also licensed under BSD, so we'll just have to ask for clarification, and make sure that we have some Open Source, non-GPL, license, as we've received from other cooperative projects. I think that this looks interesting, but I expect my own time to be consumed on other parts of James. Does someone else have the time and interest to look at wrapping a Matcher around the OpenAV scanner classes? --- Noel
You have to be pretty judicious about what gets scanned, which then leads to possibly not having things fall through the holes. Maybe as a simple approach we have a mailet that uses the remote (or local for that matter) daemon to scan for viruses, rather than trying to bundle the code. I think most mail server virus scanners are add-ons anyway, so this may not be too bad... include a mailet and a HOWTO.
While it's great to have this free, I do wonder about the value of slightly outdated virus definition files. I'd be interested to see if most viruses that get stopped by the commercial vendors are the current ones or if it's more just unknowing/unprotected users sending around old ones.
--
Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
