[Avcheck] an idea: removing defer_transports?
Michael Tokarev
mjt@tls.msk.ru
Mon, 13 Aug 2001 14:00:04 +0400
Ralf Hildebrandt wrote:
>
[]
> > touch /var/spool/avp/noconn
> > sleep 10 # to allow any pending checks to complete
>
> Will 10s suffice?
This is a good qiestion. From my tests here, avpd can only
do bad things when interrupted at the very beginning of
scan process. When it is at "middle" of the process, it
simple returns corresponding error code (interrupted...),
and avcheck treats it as a temp error (just like it will
do when `noconn' file above exists). I think that daemon
has signal handler that simple writes that code and exits,
but it setted up a bit later than it should be.
It is interesting what the daemon will do when interrupted
in the middle of a final write() call, when it attempted to
write results back to client. My tests didn't triggered
that, but who knows... Errm, open source is better!.. ;)
Anyway, in short: the more delay you will set up, the less
chances you have to get strange things (large mail will
require more time to complete, but large mails are rare,
and probability decreases with increasing time interval).
And the only bad thing can happen is that infected mail
can pass a viruscheck -- and here probability imho is
less than to pass a mail infected by *unknown* virus...
Regards,
Michael.