[Avcheck] Re: Two question ;)

Michael Tokarev mjt@tls.msk.ru
Sun, 12 Aug 2001 23:31:17 +0400


[CC'd to avcheck@list.innominate.org]

voder@ats.pl wrote:
> 
> On Sat, 11 Aug 2001, Michael Tokarev wrote:
> 
> > voder@ats.pl wrote:
> > Grrr...  I can't understand this.  Look to `avpcheck -h' output:
> 
> Yep, I do it and try these options by:
> 
> >     recipients (-M/-A)
> 
> When I use the -M option I send to recipients info about the virus and
> the original txt message and the virused attachment...
> 
> When I use the -A option I send to recipients info about the virus and
> headers, but I don't get the original txt message.
> 
> I want, when an attachment has a virus, to send info to recipients
> about it and the original txt message without viruses... (with option
> -M avpcheck sends it to the recipient, too)

Aha, so you want to cut the attachment only, leaving other parts of
the message intact, when sending to recipients, yes?  I.e. something
in between "only headers" and "complete original message"?

This is just another variant of what can be done with an infected
message, and I never thought about this before.  No, it can't
do so.  Amavis parses the MIME structure by itself, checking every
part of it using the virusscanner.  This is why it is so slow.
Avcheck passes the complete message to the virusscanner, which has its
own MIME parser (that does only very necessary work).  This
is why avcheck is so fast.  But when you get something, you
usually lose something else at the same time... ;)  No, this is
a joke, but it explains what's happened.

Your variant is possible too.  Even while avcheck itself can't
do this -- try to call that same amavis for *infected* mails
only (i.e. use avcheck to detect a virus, and amavis to
handle it) -- this way, you will get both speed and flexibility.
Well, configuration will be difficult...

But your (or amavis) idea looks interesting to me too.  While
I myself don't need this (in 99.9% of infected mails, the message
consists of only an attachment, no text), others can surely need
this.  We need to have a MIME parser and the same
antivirus to handle this from within the script.

It seems that avcheck may become a "system to handle infected
mails" (as opposed to "a glue between virusscanner and mailsystem")
in some future... ;)

Regards,
 Michael.
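
Added example, not part of the original message and not avcheck or amavis code: a Python sketch of the "in between" handling discussed above, where a MIME parser walks the message and replaces only the parts a scanner flags, leaving the text intact. The names `strip_infected`, `fake_scan` and `build_sample`, the marker string and the sample message are assumptions constructed for illustration; a real setup would call the actual virus scanner from the hook.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for real malware, constructed
NOTICE = "[Attachment {name!r} removed: scanner reported {verdict}]\n"

def fake_scan(payload: bytes, filename: str):
    """Hypothetical scanner hook: return a verdict string, or None if clean."""
    return "Test.Signature" if MARKER in payload else None

def strip_infected(raw: bytes, scan_part=fake_scan):
    """Replace only the MIME leaves the scanner flags; keep all other parts.

    Returns (cleaned_message_bytes, [(filename, verdict), ...]).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers have no payload of their own to scan
        payload = part.get_payload(decode=True) or b""  # undo base64/QP first
        name = part.get_filename() or "(unnamed part)"
        verdict = scan_part(payload, name)
        if verdict is None:
            continue
        removed.append((name, verdict))
        # set_content() clears the old Content-* headers and payload, so the
        # flagged leaf becomes a short text/plain notice in the same position.
        part.set_content(NOTICE.format(name=name, verdict=verdict))
    return msg.as_bytes(), removed

def build_sample() -> bytes:
    """Constructed sample: a text body plus one flagged and one clean attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "report"
    m.set_content("Hi, the report is attached.\n")
    m.add_attachment(b"MZ..." + MARKER, maintype="application",
                     subtype="octet-stream", filename="report.exe")
    m.add_attachment(b"plain notes", maintype="application",
                     subtype="octet-stream", filename="notes.bin")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_infected(build_sample())
    print(removed)
    print(cleaned.decode("ascii", "replace"))
```

Each leaf is decoded before scanning, so a per-part scanner sees the attachment bytes rather than their base64 form; this is the extra parsing work the message contrasts with handing the scanner the complete message.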