On January 9, 2006 11:46 am, Dennis Peterson wrote: > > On January 9, 2006 11:06 am, Jeremy Kitchen wrote: > > > just reject viruses at the front door, and you'll be fine. > > > 'client-side' scanning (squirrelmail IS a client, even though it's > > > run on a server) is not a 'feature'. Don't think you should do it > > > that way just because thunderbird does it. The only reason > > > thunderbird or kmail have client-side virus scanning support is > > > because some providers don't do their own scanning.
> > Re-read your last sentence, then compare how Thunderbird accesses > > messages from a POP server compared to how SquirrelMail accesses > > messages from a POP server using the built-in Mail Fetch plugin (that > > completely by-passes any and all mail servers at the site using > > SquirrelMail). There is no functional difference, so why should one > > client be allowed to scan messages while another isn't? > > While it's not the most optimal setup, having the option to scan > > messages in the mail client should not be frowned upon. If your mail > > provider does not scan your incoming messages, then the mail client > > is a good place to scan messages. After-all, it's the only place > > *you*, the recipient, fully control access to the e-mail message. > One difference is the T-bird client uses client cpu clicks whereas > squirrel mail uses server clicks. Unless you can come up with a browser > based scanner. 10,000 users all clicking and scanning at the same time > seems like a potential problem for the average server. Personally I > don't think there's such a thing as being too late to scan for viruses, > but I do think if it's going to happen on my servers it's also going to > be my processes with customer policy input that does it. Now that's a genuine concern, but it could be mitigated using clamdscan in a SM plugin instead of clamscan. While it would still be using server CPU resources, it shouldn't be nearly as bad. Not sure how clamd would handle a couple hundred simultaneous requests to scan files, though. Perhaps a better mechanism would be to hook a virus scan into any download / view actions for attachments, similar to the way Yahoo!/Hotmail do things. That way, it wouldn't scan every message as it came in, but would only scan messages with attachments, when those attachments are accessed. But that's getting into the realm of the SM developers, and not so much the clamav devs. :) -- Freddie Cash, LPIC-1 CCNT CCLP Helpdesk / Network Support Tech. School District 73 (250) 377-HELP [377-4357] [EMAIL PROTECTED] _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
