[Avcheck] Re: Saving messages

Michael Tokarev mjt@tls.msk.ru
Mon, 20 Aug 2001 16:05:52 +0400


[Cc'd to avcheck@list.innominate.org]

Fridtjof Busse wrote:
> 
> Hi Michael

Hello!
I'm sorry for such a long delay -- too much work here, and you would
have noticed already my announcements and avp troubles...

> Is there any planning on a feature that stores the complete body of the
> infected mail in a specified directory, so that the admin would be able
> to recover at least the message-headers from a file on hd?
> Could be useful e.g. if the scanner detects a file as virus in error and
> there is no copy of the mail.

Well, the same question: what to do with infected mails.

In this particular case I see no need for such a feature, at least
not a direct need.  If you do not use administrator notifications, then
configure it anyway -- you will have all messages in some mailbox,
just for this purpose.  Or, add another 2-3 lines into the infected script
to save a file in another dedicated directory.  Note that in both
cases you'll need some other tool/script that will purge old messages
from that folder/mailbox, or else it will grow without bounds --
a one-liner find+rm will suffice here.  Having such an external script
allows you to do almost all that you want -- well, with some knowledge
of the tools involved (e.g. shell scripting or the like).

A really useful feature may be to save original mails in a file and
refer to this file in "virus alert" mails instead of including
the whole message, or, like in DrWeb examples, refer to the administrator's
account (in order to see the infected message sent to you, please
send a mail to virus-admin@ourhost and include the 12345 identifier).
Better yet (maybe) is to have a web-based interface for this (requires
auth!) that will be able to parse message structure etc.

BTW, did you set up your system? -- I'm very interested in hearing
how you solved your mailing loop troubles and what was the cause.

Regards,
 Michael.
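
The approach described in the reply above (save the infected message to a dedicated directory, hand out an identifier, purge old copies with find+rm), as an added example that is not part of the original message or of avcheck. It assumes the infected-mail script receives the message on standard input; the function names, identifier format and 14-day default retention are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: message arrives on stdin; directory layout,
# identifier format and retention period are illustrative, not avcheck's.

# Save the message on stdin under directory $1; print the identifier.
quarantine_save() {
    qdir=$1
    (
        umask 077                       # infected mail: owner-only access
        mkdir -p "$qdir" || exit 1
        # mktemp creates the file atomically with an unpredictable name,
        # so a local user cannot pre-create or symlink the target.
        f=$(mktemp "$qdir/$(date +%Y%m%d).XXXXXX") || exit 1
        cat > "$f" || exit 1
        chmod 400 "$f"                  # stored copy is never modified
        basename "$f"                   # identifier to quote in the alert
    )
}

# Print only the headers of the message with identifier $2 in directory $1.
# The identifier may come back from a user, so it is validated before it
# is used as a file name.
quarantine_headers() {
    case $2 in
        ''|.*|*[!A-Za-z0-9.]*) return 1 ;;  # rejects '/', '..', dotfiles
    esac
    [ -f "$1/$2" ] || return 1
    sed -n '/^$/q;p' "$1/$2"            # stop at the first blank line
}

# Remove quarantined messages older than $2 days (default 14) from $1,
# so the directory does not grow without bounds.
quarantine_purge() {
    [ -d "$1" ] || return 0
    find "$1" -type f -mtime +"${2:-14}" -exec rm -f {} +
}
```

`quarantine_purge` is meant to be run periodically, for example from cron, as the same user that owns the quarantine directory.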