[Avcheck] An idea stolen from amavis-users :)

Michael Tokarev mjt@tls.msk.ru
Sun, 29 Jul 2001 00:14:58 +0400


Oh, well, there are *so many* useful features one can
imagine! ;)  After somewhat big experience as a system
administrator, I can't imagine a better "tool" than
using e.g. perl (or shell, or python, you name it)
to write your own tools that meet *your* needs exactly.
When one is somewhat familiar with programming, this isn't
really hard to do (and here is why I don't like windoze:
there is almost no ability to do so).  For example, in
order to implement something like this proposed example,
one might even use vacation of its own, placing it as
recipient of virus-alert address.  Well, not quite,
but basically this: redirect mails from avpcheck (or
any other virusscanner) to *a program* (written of its
own) that will do all the work.  Message parsing isn't
difficult (they are autogenerated so have the same
well-known format).  Missing info is recipients, and
it can be added in avpcheck just fine.
More around this.  Avpcheck was written as a quick-hack
glue between postfix and avp.  If postfix supports
e.g. perl, it will be *very* trivial to write avpcheck
in perl, and here one gets *all* he can imagine.  Note
that no one can predict all the features that may be useful
to some people/site, really!  And another point: instead
of doing something many times in each virusscanner, it
will be a good idea to write code just once (I mean a
robot that should receive virus notifications and handle
them, see above).  Avpcheck should quickly process normal
mails.  All other "virusprocessing" should be done outside
of it (well, other tools may be included in "avpcheck
distribution", too).

After looking at all this again, I thought that features in
avpkeeper (defining different "virus handler" based on
sender/recipient domains or some other info) also should
be done outside of this thin glue between mailsystem and
antivirus software (and this is another point to allow
"antivirus inside postfix" -- *real* glue *only*, not
all the customization etc.  Even generation of virusalerts
may be done externally, by calling some other external
program when virus really *detected* -- this way, one
will even get customizable message etc).

BTW, sounds like general points, and probably should
be shared with amavis people too, shouldn't they?  Ralf, but
why is the avcheck list for subscribers only?  I guess that
it is ok to *really* open it, as there are a few chances
that we'll get too much spam here (at least for now).

Regards,
 Michael.

Ralf Hildebrandt wrote:
> 
> > My thought is maybe only sending one infection
> > notification a day for each unique offender and
> > offending virus and just report the rest of them
> > to the administrator of the offended mail-server.
> 
>  This raises a valid point. This is basically how vacation
>  works (it keeps a database of senders, so that they get
>  only one reply).
> 
>  Amavis does not currently report to the administrator
>  of the originating server (e.g. postmaster@<virus-sender-domain-part>).
>  I did this here for a while, but then removed it for
>  privacy reasons.
> 
>  How do you report to the "administrator of the offending mail server"?
>  There are many sites that don't even have a postmaster address/alias
>  (violating the relevant RFCs).
> 
> That "vacation style"-idea sounds nice. Maybe we should create a
> wishlist for avcheck. OTOH, it's nice to keep the program as simple as
> possible.
> 
> --
> ralf.hildebrandt@innominate.com                            innominate AG
> Technical Consultant                   Don't be afraid of what you see -
> Diplom-Informatiker                     be afraid of what you don't see!
> tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77
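
The "vacation style" handler discussed in this thread, as an added example (not code from avcheck, amavis or either poster): an external program that receives the scanner's autogenerated alerts, replies to each sender at most once a day per virus, and passes every alert on to the local administrator. The `X-Virus-*` header names, the function names and the sample alert are assumptions made for illustration.

```python
import sqlite3
from email import message_from_string

WINDOW = 24 * 3600  # at most one sender notification per (sender, virus) per day

# Constructed sample alert; the X-Virus-* headers are assumed, not avpcheck's real format.
SAMPLE_ALERT = """\
From: avpcheck@mail.example.org
To: virus-alert@mail.example.org
Subject: VIRUS ALERT
X-Virus-Sender: Alice@Example.COM
X-Virus-Recipients: bob@example.org, carol@example.org
X-Virus-Name: Example.Test.Virus

(autogenerated report body)
"""

def open_db(path=":memory:"):
    """Open the 'seen senders' database, the same idea vacation uses."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (sender TEXT, virus TEXT, "
               "last REAL, PRIMARY KEY (sender, virus))")
    return db

def parse_alert(raw):
    """Extract (sender, virus, recipients) from one autogenerated alert."""
    msg = message_from_string(raw)
    sender = (msg.get("X-Virus-Sender") or "").strip().lower()
    virus = (msg.get("X-Virus-Name") or "").strip()
    rcpts = [r.strip() for r in (msg.get("X-Virus-Recipients") or "").split(",")
             if r.strip()]
    if not sender or not virus:
        raise ValueError("not a recognised virus alert")
    return sender, virus, rcpts

def handle_alert(db, raw, now):
    """Decide what to do with one alert; every alert goes to the admin digest."""
    sender, virus, rcpts = parse_alert(raw)
    actions = ["admin-digest"]
    row = db.execute("SELECT last FROM seen WHERE sender=? AND virus=?",
                     (sender, virus)).fetchone()
    # Never reply to the null sender "<>"; otherwise reply once per window.
    if sender != "<>" and (row is None or now - row[0] >= WINDOW):
        db.execute("INSERT OR REPLACE INTO seen VALUES (?,?,?)",
                   (sender, virus, now))
        db.commit()
        actions.insert(0, "notify-sender")
    return sender, virus, rcpts, actions
```
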