On Tue, 13 Apr 2010 13:21:28 +0200, Andreas Schulze andreas.schulze@datev.de articulated:
MTA delivers a mail where the virusscanner finds nothing. Mail gets delivered. Some time later there is a scannerupdate. Now the scanner would find a malicious content.
DEFINE: "Some time later". Are you referring to today, tomorrow, next {week,month,year}? Depending on your AV solution, you should all ready have the capabilities to run a virus scan on the directory(s) involved.
So I may instantly scan the complete mailstore each time a new pattern arrives or scan only each accessed mail with the latest pattern. This seems smarter to me.
All ready possible using ClamAV.
Doesn't your MUA offer any AV scanning? If not, then perhaps it is time to investigate the possibility of using a new MUA.
For this scenario I would like to see a concept for datainspection/datamodification in dovecot. What about when dovecot would act as a milter client? Sounds strange but the problems are the same, why not use existing solutions ?
This would just lead to redundancy with no applicable favorable results. Scanning the message when it arrives and then rescanning the INBOX at preset intervals is about as good as it is going to get. Using an MUA that has its own scanning engine would also be a plus. You could even engage multiple AV engines. A really bad idea IMHO; however, you pay your dues, you take your chances.
If Postfix is set up correctly with the proper checks, etc, SPAM and AV problems are reduced dramatically. I have not had a VIRUS get through to my system in years. An occasional SPAM, but then again, no system is fool proof. Besides, nothing is fool proof to the sufficiently motivate fool.
In any case, I worry more about some nefarious individual breaching my firewall than I do about contracting a VIRUS.
-- Jerry Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Aquadextrous, adj.: Possessing the ability to turn the bathtub faucet on and off with your toes.
Rich Hall, "Sniglets"