
Re: How to virus-check cyrus-imap mailboxes



Terje Fåberg said:
>
> Hi,
>
>
> And that's where I'm standing right now: I have a few
> gigabytes of emails and no clue whether there are any
> viruses in them. And neither do I have a clue how to
> solve this problem.


this is very difficult to do in my experience. I've only
had to do this once, you can see the thread here:

http://marc.theaimsgroup.com/?t=100970760600001&r=1&w=2

it involved a virus that got past my sophos scanner but
was caught at my 2nd tier scanner (mcafee). the trouble
was the scanners do not understand the encoded files so
you gotta decode them. after probably 2 hours of research
I figured out a hacky way to do it. it involved editing
the amavis test script so the temporary directories were
not automatically removed when the message was scanned.
As you can see this thread is nearly a year old so I
do not remember what specific modifications I made to
the script, but it wasn't hard to do (took maybe 5-10
minutes and I don't know perl)

at that point I had the raw temporary files amavis works
with and I was able to find the file with the virus.

doing this on thousands of emails though would be
difficult, though not impossible.

passing it through amavis is probably the best bet since
it handles all the encodings and compression schemes for
you, I think it would be easier than trying to find something
to decode the messages by hand.

never hurts to have virus scanning on the desktop too

nate
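
The decode step described in the message above, as an added example that is not part of the original post and is not amavis code: it decodes each MIME part of one stored message into a temporary directory that is deliberately kept, so an on-demand scanner can be pointed at it. The sample message, the `decode_parts` and `decode_sample` names and the `mailscan-` prefix are constructed for illustration.

```python
import email, hashlib, os, tempfile
from email import policy

# Constructed sample message (not from the thread): one base64 attachment.
SAMPLE = (
    b"From: a@example.org\r\n"
    b"To: b@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"see attachment\r\n"
    b"--XX\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="../report.doc"\r\n'
    b"\r\n"
    b"aGVsbG8gd29ybGQ=\r\n"
    b"--XX--\r\n"
)

def decode_parts(raw, outdir):
    """Write each decoded leaf MIME part of one message into outdir.
    Returns (path, declared filename) pairs so a scanner hit can be traced back."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    written = []
    for n, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers hold no data of their own
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        # Never use the sender-supplied filename as a path; name by index and hash.
        name = "part-%03d-%s" % (n, hashlib.sha256(data).hexdigest()[:12])
        path = os.path.join(outdir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append((path, part.get_filename()))
    return written

def decode_sample():
    outdir = tempfile.mkdtemp(prefix="mailscan-")  # kept on purpose, for the scanner
    return outdir, decode_parts(SAMPLE, outdir)

if __name__ == "__main__":
    outdir, parts = decode_sample()
    print("decoded parts left in", outdir)
```

This only reverses the MIME transfer encodings; it does not unpack archives or other compression schemes, which the message above notes amavis handles.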




