On Mon, 8 Nov 2004, Tim Howell wrote:

> I think a lot of us may use ClamAV on gateway SMTP servers that
> eventually deliver mail to Microsoft Exchange. Have any of you thought
> of what it would take to use Clam to scan mailboxes stored on an
> Exchange server? Clam is great, and it catches almost everything that
> gets sent to us, but there are times when we receive several copies of a
> virus before Clam has definitions for it.

I keep meaning to write a proggie called something like popwatch which logs into a pop server, retrieves each message and deletes infected messages. Of course it would/should need to mail the user saying it deleted a message and keep it quarantined in case of false-positive.

This is kind-of a twist on a pop3 proxy and I know that exchange has a pop3 connector. This would at least alleviate this kind of timing problem:

    00:15 - virus arrives
    00:22 - Clam sigs updates
    00:30 - popwatch cleans out the virus
    08:00 - user logs in

With the above example the user would have gotten a virus since exchange already accepted the message.

This may not be feasible over a slow link, but certainly possible. You would want the popwatch software close to the server bandwidth-wise.

If you intend to write something like this, ping me offline and I would be happy to coordinate efforts.

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
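
The popwatch sweep described above, as an added example that is not code from the original post or from the ClamAV project. The names `sweep` and `clamd_scan`, the quarantine file layout and the notice wording are assumptions; `pop` is any authenticated session with the `poplib.POP3` interface, and `clamd_scan` assumes `clamdscan` is installed and prints a line ending in `FOUND` for a hit.

```python
import hashlib
import pathlib
import subprocess
from email import message_from_bytes
from email.message import EmailMessage


def clamd_scan(raw):
    """Return the signature name clamdscan reports for raw bytes, or None."""
    # clamdscan exit codes: 0 = clean, 1 = virus found, anything else = error.
    p = subprocess.run(["clamdscan", "--no-summary", "-"],
                       input=raw, capture_output=True)
    if p.returncode == 0:
        return None
    if p.returncode == 1:
        # Assumed output shape: "<source>: <Signature-Name> FOUND"
        out = p.stdout.decode(errors="replace").strip()
        first = (out.splitlines() or ["unknown FOUND"])[0]
        return first.split(": ", 1)[-1].replace(" FOUND", "")
    raise RuntimeError("clamdscan failed: " + p.stderr.decode(errors="replace"))


def sweep(pop, scan, quarantine_dir, owner):
    """Scan each message in an authenticated POP3 session (poplib interface).

    Infected messages are written to quarantine_dir, then marked for deletion.
    Returns one notice (EmailMessage addressed to owner) per removed message.
    """
    qdir = pathlib.Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    notices = []
    try:
        count, _size = pop.stat()
        for num in range(1, count + 1):
            raw = b"\r\n".join(pop.retr(num)[1]) + b"\r\n"
            sig = scan(raw)
            if sig is None:
                continue
            # Quarantine before DELE so a false positive can be restored.
            path = qdir / (hashlib.sha256(raw).hexdigest() + ".eml")
            path.write_bytes(raw)
            pop.dele(num)
            note = EmailMessage()
            note["To"] = owner
            note["Subject"] = "popwatch removed a message: " + sig
            subject = message_from_bytes(raw)["Subject"] or "(none)"
            note.set_content(f"Original subject: {subject}\n"
                             f"Quarantined as: {path.name}\n")
            notices.append(note)
    except Exception:
        pop.rset()  # POP3 applies DELE only at QUIT; RSET cancels the marks
        raise
    return notices
```

POP3 commits deletions only at `quit()`, so a scanner failure mid-sweep leaves the mailbox untouched. The caller sends the returned notices, for example with `smtplib`.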