Well,
Server side scanning is the preferred method. But I can still get
viruses into your database since the virus is not contained in the virus
scanners database, there are a lot of reasons to this, including the
human factor(=administrator error).
I do remember Melissa and others. These viruses contamined the mail
server on several companies. I therefore have a strong need to be able
to delete messages in the virus database based on virus content.
Richard Barrington wrote:
I think the way to approach it is to write a dedicated script/program to iterate
over the messages, read the data into a scanner, then react accordingly -
quarantine?/delete/pass.
It shouldn't be too difficult, but you may want to add a "scanned" flag to the
table so you know what's been checked (set it false when the message is created
/ written to, true after scanning) in order to speed things up on later runs.
Actually, I would have much more use for a timestamp on the records.
This way, I can select message blocks that are younger than the virus
and only scan them.
Well, this is a request for enhancement, add timestamp at a convenient
position in the database.
Potentially, you could interface the AV app into the message insertion/retrieval
database functions if it has a shared library version available (eg sophos),
which would be a whole lot quicker, and would alleviate the need to scan the
sendmail queue separately.
The database virus scan is an offline transaction, needed only in
emergency for washing out viruses that sneeked into my system.
/Magnus
