I would say use a CVS version AND use an external program to extract attachment :)
However, with exim+exiscan patch it's the mail server (or MTA) that does all the mime-ripping.
So in a way no "external" program required : only mail server and virus scanner.
I would also suggest to deny potential dangerous attachements by the smtp server. So the load from amavis and clamav will be much lower, especially on heavy traffic systems.
With postfix you can do it that way:
in main.cf:
mime_header_checks=pcre:/etc/postfix/body_checks
in the file /etc/postfix/body_checks
/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\ *"?.*\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wmf)"?\ *$/ REJECT attachment type not allowed
With this method a lot of Viruses, maybe the biggest part will be filtered out before running amavis and clamav
rgds
Luc
PS: The clamav team really makes a good job! At work I scanned the 3TB File-archive in 4 days, and there where hundreds of viruses found,
even very old ones (oldest I saw about 8Years old)
Thanks :-)
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
