> -----Original Message----- > From: John Andersen [mailto:[EMAIL PROTECTED] > Sent: Friday, August 25, 2006 4:20 PM > To: users@spamassassin.apache.org > Subject: Re: Discourage broken content > > > On Friday 25 August 2006 12:10, Rick Cooper wrote: > > That is patently false. I have a graphics design/advertising > department at > > one of my locations and these fellas send huge graphics files back and > > forth when they have emergency proofs/changes and MailScanner > has *never* > > damaged anything, ever, anywhere. Now, there is a setting for scanning > > (much like exiscan IIRCC) that allows you to truncate the > message and only > > scan xxx amount, it's optional and doesn't modify the actual message in > > anyway. > > Yes, Rick, that is correct, but the situation under discussion is that > mailscanner passes a partial file to the spamassassin proceess, > which in turn > passes that partial file to the image analysis plugins, which > decide that the > image is broken. > > Upon being passed by spamassassin, the entire, unchanged mail is sent > on its way intact by mailscanner. > Amavis-New does something similar. Shreds mail into > pieces, launches scanners on the pieces. > > The problem is that the spam scanner (and presumably virus > scanner) plugins > are being handed partial files. Not a good practice in my view. >
I misunderstood what decoder was saying. And no, MailScanner doesn't give the virus scanners partial messages. In fact it goes to great pains to completely unpack all attachments (including tnef) and sanitize the file names, etc. The option to give partial messages to SA is due in part to the historical lack of need to hand a large message to SA to determine ham/spam and there are/were vulnerabilities in the tnef processing that could be exploited by very large tnef attachments. Mailscanner currently handles tnef in a way I doubt there would be a problem and can in fact (optionally) decode tnef attachments and recreate them as standard attachments that any mail client can handle. In any event I plan to bring this up on the MailScanner list and suggest the default behavior should no longer be handing only a part of the message to SA. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
