On Tue, 2010-04-13 at 13:21 +0200, Andreas Schulze wrote:
Am 13.04.2010 20:37 schrieb Noel Butler:
So, you want postfix to accept the virus, send it to dovecot's deliver which then calls a virus scanner and finds it infected and deletes it, that makes absolutely no sense ACK.
but imagine:
MTA delivers a mail where the virusscanner finds nothing. Mail gets delivered. Some time later there is a scannerupdate. Now the scanner would find a malicious content.
The same applies to your scenario, the chances of a 0 day virus getting in past the AV at MTA level and being found by the time the recipient checks mail is going to be so negligible, that said, the mailstore is additionally scanned every night regardless , without adding the massive resource hogging in having dovecot call AV everytime someone access mail, also, what about those who only do pop3? the same mail storage everywhere I've worked in past near 20 years is used to serve both, only the front ends differ, and in this part of the woods, there might be one imap user to every 5K pop3 user, if you use imap only, I still seeing it being a negative for resource reasons.
I may instantly scan the complete mailstore each time a new pattern arrives or scan only each accessed mail with the latest pattern. This seems smarter to me.
For this scenario I would like to see a concept for datainspection/datamodification in dovecot. What about when dovecot would act as a milter client? Sounds strange but the problems are the same, why not use existing solutions ?
I think your expecting dovecot to be more than what it is, it is not m$ exchange :) Cheers
