On 11/18/2011 7:49 AM, David F. Skoll wrote:
The theory behind that copy is that virus authors might use malformed
MIME messages to evade virus scanning. So we pass botht he unpacked
parts as seen by MIME::Tools and the original message in case the
virus scanner's MIME parser works differently and sees a virus that
might evade MIME::tools or vice-versa. It's probably overkill, but
copying a file on a ramdisk is pretty cheap so I'd leave it in.
The extra checks in MD combined with things like bad file parts, etc.
has really helped stop emerging viruses before traditional scanner
signatures are updated. I would recommend the solution remain as-is.
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
