RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Rob wrote:

> However it would be nice if MD didn't make
> any assumptions about the capability of any virus scanner and did the same
> as AMAVIS does - extract and decode the email so that the virus scanner
> software has as little to do as possible.

MIMEDefang does exactly that.

Regards,

David.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread Rob
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll
>
> On Fri, 13 Feb 2004, Rob wrote:
>
> > However it would be nice if MD didn't make
> > any assumptions about the capability of any virus scanner and did the same
> > as AMAVIS does - extract and decode the email so that the virus scanner
> > software has as little to do as possible.
>
> MIMEDefang does exactly that.

Hmm, then something strange is going on with my build - FreeBSD 5.2 with
Sendmail 8.12.11, MD 2.39 both built from ports.

In the clamd log I get the following for an email with a ZIP attachment:

/var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK
/var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK

The ZIP file in question contains 3 files (a .ini, .dll and .txt).  No sign
of them being extracted.

Am I likely to be missing something that is required to extract ZIP files?
I get the same result for .bz2 and .gz files.

-- 
Rob  


RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread David F. Skoll
On Fri, 13 Feb 2004, Rob wrote:

> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-4.txt: OK
> /var/spool/MIMEDefang/mdefang-i1DKATdg040935/Work/msg-38690-5.zip: OK
>
> The ZIP file in question contains 3 files (a .ini, .dll and .txt).  No sign
> of them being extracted.

Ah, I misunderstood.

MIMEDefang does not extract zip files.  Nor do I ever plan on adding that
functionality.  I have two reasons for taking this position:

1) The number and variety of archives is bewildering (ZIP, LHARC, tar.gz,
tar.bz2, LZH, ...) and when you have zips containing tars containing ... it
becomes too messy to deal with.

2) I'm not confident I could obtain code for all those formats which is
resistant to decompression bombs.

Regards,

David.
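
Both concerns in the message above (archives nested inside archives, and decompression bombs) come down to putting a hard budget on extraction. The following is an added example, not code from MIMEDefang, AMaViS or ClamAV: a Python sketch that unpacks zip, gzip, bzip2 and tar recursively under one shared budget and rejects the message when the budget is exceeded. The limit values and all function names are assumptions chosen for illustration.

```python
import bz2, gzip, io, tarfile, zipfile

MAX_DEPTH, MAX_TOTAL, MAX_MEMBERS = 4, 1 << 20, 100  # assumed per-message limits
class LimitExceeded(Exception): pass

class Budget:
    def __init__(self):
        self.bytes_left, self.members_left = MAX_TOTAL, MAX_MEMBERS
    def read(self, stream):
        # Count bytes as they are produced; a declared size field can lie.
        out = bytearray()
        while chunk := stream.read(65536):
            self.bytes_left -= len(chunk)
            if self.bytes_left < 0:
                raise LimitExceeded("decompressed size budget exhausted")
            out += chunk
        return bytes(out)

def walk(name, data, budget, depth=0):
    """Yield (path, bytes) leaves for the scanner; all levels share one budget."""
    budget.members_left -= 1
    if depth > MAX_DEPTH or budget.members_left < 0:
        raise LimitExceeded("nesting or member limit hit at " + name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in (i for i in z.infolist() if not i.is_dir()):
                member = budget.read(z.open(info))
                yield from walk(f"{name}/{info.filename}", member, budget, depth + 1)
    elif data[:2] == b"\x1f\x8b" or data[:3] == b"BZh":  # gzip / bzip2 stream
        opener = gzip.open if data[:2] == b"\x1f\x8b" else bz2.open
        with opener(io.BytesIO(data)) as f:
            yield from walk(name + "!", budget.read(f), budget, depth + 1)
    elif data[257:262] == b"ustar":  # POSIX/GNU tar magic
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as t:
            for m in (m for m in t if m.isfile()):
                member = budget.read(t.extractfile(m))
                yield from walk(f"{name}/{m.name}", member, budget, depth + 1)
    else:
        yield name, data

def inspect(name, data):
    """Return ('scan', leaves) or ('reject', reason); unparseable input is rejected."""
    try:
        return "scan", list(walk(name, data, Budget()))
    except Exception as e:  # fail closed on any limit or parser error
        return "reject", f"{type(e).__name__}: {e}"

def constructed_bomb(size=4 << 20):  # constructed sample: tiny zip, `size` zeros inside
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("zeros.bin", bytes(size))
    return out.getvalue()
```

A `reject` verdict means the attachment could not be inspected within the budget, so policy (quarantine, bounce, strip) applies to the message rather than a scanner verdict.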


RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-13 Thread Rob
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David F. Skoll
>
> Ah, I misunderstood.
>
> MIMEDefang does not extract zip files.  Nor do I ever plan on adding that
> functionality.  I have two reasons for taking this position:

That's a shame, but worth knowing.  Means I'll be leaving AMAVIS in the loop
for a while longer then :(

-- 
Rob  


RE: [Mimedefang] ClamAV and related issues running under MD. was: Re: Mimedefangtimeout

2004-02-12 Thread Rob
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jon R. Kibler
>
> So, this brings up a few questions:
>   1) What is AMaViSD-new doing that MD isn't. (We abandoned AMaViSD a couple of years back and
>      I really don't want to even have to consider that as an option to solve this problem!)

AFAIK AMAVISD extracts and decodes the email, splitting it into its
separate parts, so that you end up with a sub-directory with all the various
parts of the email, decoded, in it.  The theory being that you only have to
do that once, rather than each virus scanner doing it.

I also am in the process of replacing my AMAVIS installs with MD, though
this does make me think that, for the time being, I may not want to actually
finish that process.  I think I'll leave an AMAVIS install in the loop for
the time being :(
 
> I guess the bottom line issue is why does running ClamAV under AMaViSD-new catch things that MD
> does not, and should this be considered a MD problem, a ClamAV problem, or both?

Personally, I'd say it's a bit of both.  Partly it's a bad case of blinkers
on behalf of the ClamAV team.  However it would be nice if MD didn't make
any assumptions about the capability of any virus scanner and did the same
as AMAVIS does - extract and decode the email so that the virus scanner
software has as little to do as possible.

-- 
Rob  