[Avcheck] Separation of checking and reporting parts?
Michael Tokarev
mjt@tls.msk.ru
Wed, 01 Aug 2001 18:11:04 +0400
After some thought about the whole virus scanning,
I want to implement it in a slightly different way.
Let the *checker* be as light as possible, to run
fast for normal mails. But when it finds an infected
message, it should call some other program (a script
will be used in almost all cases), that can run
slowly etc. etc., but can be customized as someone
likes. Avpcheck now saves the message in a temporary
file anyway, so it (the file) can be passed to it
easily. But some other questions exist:

 o how to pass antivirus messages to that
   external script? I think it is ok to
   use stdin here, so it isn't an issue.

 o how to reinject mails back (in case of
   e.g. virus-alerts etc) from that script?
   Avpcheck now has a mini-smtp-client implemented
   (used for that purpose too), but an external
   script will need to use its own utility
   (well, /usr/sbin/sendmail is ok to use here
   with one exception: in this case one can't
   use "content_filter=xyz" as a parameter in
   main.cf (to scan mails injected by sendmail
   too)). Or, something like mini_sendmail
   should be used (or Perl's SMTP client).
   Another external program dependency is not
   good here IMHO.

 o what to do if the script has the ability to allow
   infected mail to at least some of the recipients?
   Currently, it will need to send (reinject)
   it back itself. I use avpcheck with
   content_INSPECTOR (mail doesn't leave the
   queue and continues routing after checking),
   so it will be bad if that script reinjects
   mail back (while avpcheck bounces a message).
   We should have a way to pass some information
   back from a script to avpcheck: e.g. a list
   of recipients that should receive mail anyway.
   Currently, I see no good way to do so.

 o also as I noted earlier, my plan is to implement
   avcheck as a postfix daemon too (in parallel with
   the "plain" external program). It will have far more
   abilities to reinject the message back, together
   with proper logging (just like local(8) now logs
   forwards:
     postfix/local[1234]: old-queue-id: forwarded as new-queue-id
   ). So if the script reinjects infected mail
   for *some* recipients back (see above), things
   will be even worse.

Again, these are general questions, probably of
interest to the amavis mailing list too. Oh, well, I
need to subscribe there too... :)

Regards,
Michael.
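
The hand-off discussed in this message (scanner report to the script on stdin, a list of recipients passed back to the checker), as an added example that is not part of the original post and not avcheck's code. The calling convention, the function names `handler` and `release_list`, the policy and all sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical contract (an assumption, not avcheck's interface):
#   handler MSGFILE RCPT...   scanner report on stdin,
#   stdout = recipients that should still receive the mail, one per line.

# Reporting part: slow, site-specific. Constructed policy: only the
# postmaster and abuse mailboxes may still receive an infected message.
handler() {
    msgfile=$1; shift
    report=$(cat)                                # antivirus messages via stdin
    echo "infected $msgfile: $report" >&2        # alerts, logging, etc. go here
    for rcpt in "$@"; do
        case $rcpt in
            postmaster@*|abuse@*) echo "$rcpt" ;;
        esac
    done
}

# Checking part: run the handler and print the recipients to release.
# A line is accepted only if it equals one of the original envelope
# recipients, so the handler can narrow the list but never extend it.
# A failing handler releases nobody (fail closed).
release_list() {
    cmd=$1; msgfile=$2; report=$3; shift 3
    out=$(printf '%s\n' "$report" | "$cmd" "$msgfile" "$@") || return 0
    printf '%s\n' "$out" | while IFS= read -r line; do
        for rcpt in "$@"; do
            if [ "$line" = "$rcpt" ]; then
                printf '%s\n' "$line"
                break
            fi
        done
    done
    return 0
}

# Constructed sample: path, report text and addresses are made up.
release_list handler /tmp/avcheck.msg.sample "EICAR-Test-Signature found" \
    alice@example.org postmaster@example.org
```

Because the checker keeps ownership of delivery and only consumes a filtered list, the script never has to reinject the message itself.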