[Dovecot] Virusscanning

Jerry dovecot.user at seibercom.net
Tue Apr 13 14:45:28 EEST 2010 

On Tue, 13 Apr 2010 13:21:28 +0200, Andreas Schulze
<andreas.schulze at datev.de> articulated:

> MTA delivers a mail where the virusscanner finds nothing. Mail gets
> delivered. Some time later there is a scannerupdate. Now the scanner
> would find a malicious content.

DEFINE: "Some time later". Are you referring to today, tomorrow, next
{week,month,year}? Depending on your AV solution, you should all ready
have the capabilities to run a virus scan on the directory(s) involved.

> So I may instantly scan the complete mailstore each time a new
> pattern arrives or scan only each accessed mail with the latest
> pattern. This seems smarter to me.

All ready possible using ClamAV.

Doesn't your MUA offer any AV scanning? If not, then perhaps it is time
to investigate the possibility of using a new MUA.

> For this scenario I would like to see a concept for
> datainspection/datamodification in dovecot. What about when dovecot
> would act as a milter client? Sounds strange but the problems are the
> same, why not use existing solutions ?

This would just lead to redundancy with no applicable favorable
results. Scanning the message when it arrives and then rescanning the
INBOX at preset intervals is about as good as it is going to get. Using
an MUA that has its own scanning engine would also be a plus. You could
even engage multiple AV engines. A really bad idea IMHO; however, you
pay your dues, you take your chances.

If Postfix is set up correctly with the proper checks, etc, SPAM and AV
problems are reduced dramatically. I have not had a VIRUS get through
to my system in years. An occasional SPAM, but then again, no system is
fool proof. Besides, nothing is fool proof to the sufficiently motivate
fool.

In any case, I worry more about some nefarious individual breaching my
firewall than I do about contracting a VIRUS.


-- 
Jerry
Dovecot.user at seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

Aquadextrous, adj.:
	Possessing the ability to turn the bathtub
	faucet on and off with your toes.


	Rich Hall, "Sniglets"

More information about the dovecot mailing list