On Monday 03 January 2005 08:48 pm, Charles Sprickman wrote:
> Hi,
>
> I'll apologize in advance here, this is really a maildrop question, but
> after posting there three times I haven't received an answer to what
> should be a simple question (not even an admonishment or flame from Mr.
> Sam)...
>
> I found a nice network-ready clamd client that I want to use:
>
> ftp://victor.teaser.fr/pub/lwa/clamd-stream-client/
>
> That allows me to do virus-scanning on another set of boxes; all the other
> clients assume a local clamd server, which is no good.
>
> It's pretty simple, you feed it a message and it returns a clean exit code
> if there's no virus.  If there is a virus it prints the name to STDOUT and
> exits with exitcode 65.  Simple, right?

that's not even compatible with clam{d,}scan

those tools use 0 for clean, 1 for virus, and 2 for non-virus.  Having 
different tools using different exit codes is a maintanence nightmare waiting 
to happen.

> So I hacked together a simple rule in my local mailfilter rule like so to
> test it:
[snip]

now my question is: why aren't you doing this at the queue level so you can 
simply reject viruses at the smtp level?  This would be a much simpler 
design, and you could easily do all of the logging / tracking that you 
wanted.

just my two cents.

-Jeremy

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
      kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
         GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]

Attachment: pgpKbLtxXmg05.pgp
Description: PGP signature

Reply via email to