You've seen several people ask why when they block .PIF/etc files, the fact that message contained a virus isn't detected. And you've seen the replies: it's a design issue. The component that quarantines attachments runs before the AV scanners do, and Q-S immediately cleans up and exits the moment a single reason to quarantine is found.
Originally I had the order perlscanner->AV for performance reasons: perlscanner has a much smaller overhead than the AVs. However, when I think about this, it really doesn't matter. I mean, let's assume that 1% of all your mail ends up quarantined (if we ignore the current SoBIG farce). Of that 1% maybe 0.1% is blocked by attachment. Basically who cares about the "extra load" it would cause: Would anyone mind if Q-S ran the AVs first and perlscanner last? The upside is that even if you block all PIF files, those with SoBIG would be reported correctly instead of being "policy" quarantines. I can't think of a real downside... Anyone else? If I here nothing, the next RC of 1.20 will have those two calls reversed. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Qmail-scanner-announce mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
