[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Wed, May 15, 2002 at 07:18:42PM +1000, Brian May wrote:
> > for many users.  The other scans all attachments for executable content,
> > regardless of the filename.  While not always desirable to reject such
> > messages, it is at least worthwhile to tag them as suspect and probably
> > either spam or a virus (or both..)
> > 
> > If amavis does not provide this functionality, then I shall seek it
> > elsewhere.  Perhaps that exim filter will do as I need; certainly I can
> > rewrite the filter in question for use with postfix in perl or python if
> > it does.
> What messages amavis detects as viruses depends on what virus scanning
> software you use with it.

Then it should be trivial to write a simple scanner in perl or similar
which is designed to detect binaries and reject them, if that is what you
wish.  I rather like the exim filter though, because it replies that you
should never send an executable without zipping it or something, which is
a good way to handle such rejections.  They're probably viruses anyway, so
there is the slight chance the sender might find out they're infected this
way, and it educates newbies which is also a plus.

> It will always scan all attachments, regardless of filename, mime-type,
> size or anything like that.
> So, if I copied one of scannerdaemon virus signatures here, in the body
> of this message, the message would never get to the destination. It
> would be detected as a virus.
> I am not sure, is this what you want? If not, it should be possible to 
> add what you want simply by modifying the code.

It's close.  If it can reject the message with a different 550 based on
what scanner tripped it, and one can configure a new scanner to do as I
suggest, it's perfect.

> This isn't perfect though, I have received SPAM emails with very
> suspicious attachments that aren't detected as virus...


Joseph Carter <knghtbrd@bluecherry.net>          I swallowed your goldfish
* CosmicRay wishes he had some strippers here....
<CosmicRay> err, wire strippers

Attachment: pgpxcjoDf9rmB.pgp
Description: PGP signature

Reply to: