Within the register sub of the clamdscan plugin is this little nugget:

    # Set some sensible defaults
    $self->{'_args'}{'deny_viruses'} ||= 'yes';
    $self->{'_args'}{'max_size'}     ||= 128;
    $self->{'_args'}{'scan_all'}     ||= 0;

Having a default enable for denying viruses is sensible enough. But a max_size of 128K? You mean all a virus author needs to do is attach an image to his virus-laden message to evade virus scanning on a qpsmtpd server? Is that really a sensible default? My first inclination is that max_size should default to whatever $config->data_bytes is set to. Why would such a low limit be considered sensible?

The other thing I'm questioning is why scan_all=0 is the 'sensible' default. If one is going to bother running a virus scanner, it would seem the "safe" choice is to scan everything. Should it be as easy as inserting an illegal character into the Content-Type field value (which would get ignored later) to bypass multipart detection, and thus virus scanning?

Matt