--redundant is, well, redundant. I know that Sophos Sweep won't munpack the message (i.e. won't be able to scan the attachments.) It seems a waste to make it try to scan the whole message just so it can check out the body (when we know that the attachments will be handled separately).
What I want to happen is this: 1) Message processed by qmail-scanner, passes internal rules 2) Run munpack -t on the message to extract attachments AND text (including body) to TMPDIR 3) Run the AV scanner on all extracted parts Would it be reasonable to modify the qmail-scanner-queue.pl sub check_and_grab_uuencoding such that the text portions of the message were saved to TMPDIR? (i.e. that this would behave like munpack -t) Then the AV scanner could still scan TMPDIR, and would scan attachments, body text, and headers. Any comments? David Rueter [EMAIL PROTECTED] > On Thu, Mar 18, 2004 at 01:05:27PM -0500, Jim Maul wrote: > > The --redundant yes option allows virus scanners to scan the > entire email, > > not qmail-scanner. I believe qmail-scanner itself always scans > the entire > > body of the email. > > ..but Qmail-Scanner *isn't* a virus scanner itself! That's what > the AV hooks > are for. > Indeed, but the original question was does qmail-scanner scan the body of the email. The answer to this is yes. But in order to find a virus in the body of the email (the <OBJECT tag), the body of the email must be passed to the AV scanner also. This is where the --redundant yes option comes in. > If you want to catch viruses, you must use the AV hooks. > of course! > If you want to block certain classes of messages for policy reasons, then > you can use the perlscan module of Qmail-Scanner (the > quarantine-attachments.txt file). However, that allows you to block on > header and attachment information - it doesn't support scanning > the body of > the message. > Since qmail-scanner already supports scanning of headers and attachment types, would it be worth while to allow it to block on body content as well? Or subject for that matter? I realize that these could end up bloating QS and making it slower but being able to block emails with <OBJECT> tags in the body would be great. I've noticed it already blocks CLSID tags. Im not sure if this is better suited for an av scanner... Jim ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
