You've seen several people ask why when they block .PIF/etc files, the fact
that message contained a virus isn't detected. And you've seen the replies:
it's a design issue. The component that quarantines attachments runs before the
AV scanners do, and Q-S immediately cleans up and exits the moment a single
reason to quarantine is found.
Originally I had the order perlscanner->AV for performance reasons: perlscanner has a much smaller overhead than the AVs. However, when I think about this, it really doesn't matter. I mean, let's assume that 1% of all your mail ends up quarantined (if we ignore the current SoBIG farce). Of that 1% maybe 0.1% is blocked by attachment. Basically who cares about the "extra load" it would cause:
Would anyone mind if Q-S ran the AVs first and perlscanner last? The upside is that even if you block all PIF files, those with SoBIG would be reported correctly instead of being "policy" quarantines.
I can't think of a real downside... Anyone else?
If I here nothing, the next RC of 1.20 will have those two calls reversed.
I think this would be a good idea, and i think you should add an option, currently virus mails & quarantine-attachment blocked files are sent to the same admin account. It would make sence to split them up in an infected account, and a attachment quarantine account.
It would make life easier for admins that have to search for legit attachment mails, specially with worms like Sobig flourishing.
The SA patch here: http://www.xenos.net/software/qmail-scanner/ already does this for spam messages, (applies to 1.16 with a tiny line change). It would be great if the mails could be filtered to a virus, a spam, and an attachment quarntine account..
Regards
Cream
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
