Thread: question on AV scanning




question on AV scanning
user name
2008-03-25 06:59:01
    Hello Guys,

    amavis decodes email parts and stores them in those directories,
created just like $MYHOME/amavis-20080320T110410-11254, and stores
decoded parts in the /parts directory.

    Question is .... when AV is called, is it called on the temp
directory or only the /parts one, which contains the extracted parts?

    If it's called only on parts, is it possible to call AV on the upper
directory, which contains email.txt as well as the parts directory?

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudessolutti.com.br





_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re: question on AV scanning
user name
2008-03-25 10:23:59
Leonardo,

> amavis decode email parts and store them on those directories
> created just like $MYHOME/amavis-20080320T110410-11254 and store
> decoded parts on the /parts directory.
>
> Question is .... when AV is called, it's called on the temp
> directory or only /parts one, which contains the extracted parts ?

Right.

> If it's called only on parts, is it possible to call AV on the upper
> directory, which contains email.txt as well as the parts directory ?

Use key 'MAIL' in keep_decoded_original_maps, e.g.:

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));



amavisd-new-2.0 release notes:
- provide optional ability to retain complete email message in its
  un-decoded form (alongside its decoded parts) for a virus scanner
  to see (enabled if $keep_decoded_original_re matched string 'MAIL');

amavisd-new-20030616-p8 release notes:
  * ability to present the full non-decoded original message to virus
    scanners was partly back-ported from the development version.
    Enabled by adding qr'^MAIL$' or qr'^MAIL-UNDECIPHERABLE$' to the
    list in $keep_decoded_original_re, as illustrated in amavisd.conf;
    similar to a patch by Ted Cabeen. The following keys are used for a
    lookup into $keep_decoded_original_re:

    'MAIL'
      always provide a full original message to virus scanners
      (besides its successfully decoded components);

    'MAIL-UNDECIPHERABLE'
      same as for 'MAIL', but only if it contains undecipherable components
      such as password protected archive members, unsupported compression
      methods or encrypted parts (e.g. with PGP). Don't put too much trust
      into this, as some more exotic file formats may not be understood
      and not flagged as undecipherable;


Mark
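
A stand-alone Perl model of the key lookup described in the release notes above, added as an illustration; it is not part of the reply and not amavisd's own code. It assumes the non-MAIL keys are file(1)-style type descriptions; the helper names keep_original and present_full_mail and the sample type strings are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The three patterns from the reply, held in a plain list. new_RE is
# amavisd's own constructor and does not exist outside amavisd.
my @keep_re = (
  qr'^MAIL$',
  qr'^MAIL-UNDECIPHERABLE$',
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);

# True if any pattern in the list matches the lookup key.
sub keep_original {
  my ($key) = @_;
  return scalar(grep { $key =~ $_ } @keep_re);
}

# Hypothetical model of the decision in the release notes: should the
# scanner also be given the full, un-decoded message?
sub present_full_mail {
  my ($has_undecipherable) = @_;
  return 1 if keep_original('MAIL');
  return 1 if $has_undecipherable && keep_original('MAIL-UNDECIPHERABLE');
  return 0;
}

# Constructed type strings, not taken from a real message. The negative
# lookahead (?! cpio) excludes 'ASCII cpio archive' from the third pattern.
for my $type ('ASCII text', 'ASCII cpio archive', 'uuencoded text',
              'Zip archive data', 'BinHex binary text') {
  printf "%-20s keep original: %s\n", $type,
         keep_original($type) ? 'yes' : 'no';
}

printf "MAIL key set, clean parts:       %s\n", present_full_mail(0) ? 'yes' : 'no';
printf "MAIL key set, undecipherable:    %s\n", present_full_mail(1) ? 'yes' : 'no';

# Drop qr'^MAIL$' and keep qr'^MAIL-UNDECIPHERABLE$': the full message is
# then presented only when some part could not be decoded.
@keep_re = grep { 'MAIL' !~ $_ } @keep_re;
printf "MAIL key removed, clean parts:    %s\n", present_full_mail(0) ? 'yes' : 'no';
printf "MAIL key removed, undecipherable: %s\n", present_full_mail(1) ? 'yes' : 'no';
```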

