On Wed, Jun 25, 2003 at 04:53:22PM -0400, john crawford wrote: > Developers: > > We are blocking with quarantine-attachments.txt, certain > suffixes. It would be nice if the virus checking logic would > run and make a response before the suffix check is (optionally) called. > For silent_viruses (where the sender information is bogus) qmail-scanner
I'm afraid the perlscanner file checks happen first for a reason - they're cheap :-) Any virus/whatever you can block earlier means less work for your system. For virii that are really obvious - like the new Sobig-E that came out yesterday (which always has an attachment "your_details.zip") - you can always define your quarantine-attachments.txt entry for it including a string that will match the "silent_viruses" entries. You should be able to "hack it" by ensuring one of the "silent_viruses" phrases appears in your description area in quarantine-attachments.txt... However, in general you are correct. The "silent_viruses" is nice, but I don't know if I'm willing to move chunks of code around - making Q-S less efficient - just to make that work again. In fact, in the next release of Q-S, I've added even more "direct detection" code for obvious MIME-hacks/etc - again, they'll block messages and you won't know what virus it was blocking. All in the name of performance. Any suggestions on a better solution would be welcome of course. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
