-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 14 Apr 2010, Sven wrote:
I see a leakage with on-access virus scanning while using IMAP. Imagine users are sharing mailboxes, one uploading malware via imap, others downloading it via imap. Another one is the above mentioned virus scanner update. Scanning in the MUA is nice but can't deliver 99% sureness. I can't control every client. In my next setup there will be a SSL/SASL only configuration. So proxies will have problems and are one more possible point of failure (and need maintenance).
The only solution i see for this is a general AV-daemon or something like dazuko to scan whole disk activity. Weekly scans of the whole filesystem are usefull anyway. Or some dovecot filter plugin.
You've mentioned to not scan on the mail server, didn't you?
Well, the protocol-aware firewall can act as proxy itself, hence, decrypt the connection itself and forwards the commands as plain text. Or use another Dovecot instance for proxying and decrypting and put the scanner in between the Dovecot proxy and the backend Dovecot.
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS8WkI7+Vh58GPL/cAQKCoQf/a75CgIwRiRbmu2uB+TErgdCK4mGxsiRC PotZ2oCs8D0jkPEOclkGHECEwCCq7WY0TRjDveHcIXjbn4YVjKJECu4bHfEpfoxo 3Bns+Z9g/NqZupbp7m8JFnJagYdp4dhbHqvQPC44DTzLgO5gdnM5+z3KsVh7c/lN pSk7zxrvoxI96H73mWzs3mM63WS/4ZWC/1ACZMKGX7zQcKiwWCJwMLrXL0/EKjdW jyzJ/iqluCKSKZVIEXI6I29CBWrLqVwFlJNxUBi8HsY/uACfHGNL9KrvNnGEUfUW 07TErTobeatm6LnTUOJcyEK8Yu9FPX79w0lo2O6x24o8UIiojtc6jw== =isH/ -----END PGP SIGNATURE-----