Charlie Brady wrote:
1) Are there any actual viruses in the wild <10k in size (with the
assorted mail headers remember) other than the EICAR test?
Even if there aren't today, there may be in the future. I don't think
it's worth taking risk on.
After doing a little research, it appears some of the Netsky viruses are
around 2k in size. But my second point is still valid: if you are using
this for a spamtrap, you aren't going to scan for viruses, so it doesn't
matter. If you _are_ scanning for viruses, you want to set the
size_threshold at your lowest comfort level (and the maximum size as
well in the AV scanner at the highest level).
I found some code in my local branch which I apparently never committed
to the repository which should fix both issues. I'm just having a
problem with the cached size_threshold value not being used (i.e. it
gets it anew for each transaction, which it shouldn't).
John
