Does someone know if there is a way to call the sub "filter_bad_filename" after the antivirus check ?
Sure. In my filter() in mimedefang-filter, I do the anti-virus check first
and call filter_bad_filename() farther down. Works fine.
Yes, but be wary that the overheads of virus scanning first just so that you can say that "hello.scr" was Bagle.AU rather than Bagle.AT are significant when compared to the effort to say that the extension is ".scr", so we're dropping it and doing no more work. Also, it is very tempting to then say that anything which clears the virus scan is OK, when in fact any HTA, PIF, SCR, etc file is 99.999% likely to be a virus, and even if it isn't, you should be enforcing a policy that sending these types is not allowed. That way, if you're A/V update fails or your vendor is too slow to issue the latest signatures, you're still mainly protected.
It all depends on the policy you want. If you want to reject all noncompliant mail, then least-resistance is the way to go. If you want to take different actions, you may have to rearrange things a bit.
For example, I drop definite mass-mailing viruses, reject other viruses, reject .exe, .scr and a few others, and defang other "bad" filenames after some extra checks on files like "whatever.com proposal.doc" or "cnn.com.html"
-- Kelson Vibber SpeedGate Communications <www.speed.net>
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
