On Tue, 9 Nov 2004 [EMAIL PROTECTED] wrote:

> I'd like to know if it's possible with clamav to delay scanning new emails
> with attachments for 6 hours in case of the discovery of a new virus.

Wow, you are a brave soul. If our customers were delayed by 6 hours they would go elsewhere.

A scanning pop3/imap proxy will help give you the buffer time you are looking for. Assuming a virus is delivered to the mailbox and the customer doesn't pick up their mail for several hours, the pop3 proxy will catch the virus if a new sig has come in between delivery and pickup.

If you can comfortably defer mail for 6 hours then you might just set up a greylist since viruses are usually one-shot. Have your MTA 4xx messages which don't match a [to, from, ip] tuple which has already been seen by your system. Then later, when the original sending MTA retries the message (~1hr usually), your system will accept it since the tuple has been seen.

I have seen this proposed before and there is even software out there to do it, but people don't usually like the 1hr delay. Of course future messages from/to the same people from the same sending IP will deliver immediately since your system has seen the message. This is probably ok because viruses rarely send to/from the same address.

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
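
The greylisting decision described in the reply above, as an added example that is not part of the original message or of any particular greylisting package. The class name `Greylist`, the `min_delay` and `max_age` settings, and the choice of 450 as the 4xx code are assumptions; the addresses and IPs are constructed sample data.

```python
import time


class Greylist:
    """Defer mail whose (to, from, ip) tuple has not been seen before."""

    def __init__(self, min_delay=300, max_age=36 * 86400, clock=time.time):
        self.min_delay = min_delay  # assumption: retries sooner than this stay deferred
        self.max_age = max_age      # assumption: tuples idle longer than this are forgotten
        self.clock = clock          # injectable so the demo can control time
        self.seen = {}              # tuple -> [first_seen, last_seen]

    @staticmethod
    def key(rcpt, sender, ip):
        # Simplification: compare addresses case-insensitively, IP as exact text.
        return (rcpt.strip().lower(), sender.strip().lower(), ip.strip())

    def check(self, rcpt, sender, ip):
        """Return (smtp_code, text) for one RCPT TO from one client."""
        now = self.clock()
        k = self.key(rcpt, sender, ip)
        entry = self.seen.get(k)
        if entry is not None and now - entry[1] > self.max_age:
            entry = None  # stale tuple: treat it as never seen
        if entry is None:
            self.seen[k] = [now, now]
            return (450, "greylisted, try again later")
        entry[1] = now
        if now - entry[0] < self.min_delay:
            return (450, "greylisted, retry too soon")
        return (250, "ok")


def demo():
    """Replay a constructed sequence of delivery attempts with a fake clock."""
    t = [0.0]
    g = Greylist(clock=lambda: t[0])
    msg = ("alice@example.org", "bob@example.net", "192.0.2.10")  # constructed
    codes = [g.check(*msg)[0]]          # first sight: deferred
    t[0] += 30
    codes.append(g.check(*msg)[0])      # immediate retry: still deferred
    t[0] += 3600
    codes.append(g.check(*msg)[0])      # sending MTA retries after ~1h: accepted
    t[0] += 60
    codes.append(g.check(*msg)[0])      # later mail, same tuple: no delay
    # Same addresses from a different sending IP form a new tuple.
    codes.append(g.check(msg[0], msg[1], "198.51.100.7")[0])
    return codes


if __name__ == "__main__":
    print(demo())
```

A one-shot sender that never retries only ever reaches the first branch, so its message is never accepted.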