[Avcheck] avcheck header?
Michael Tokarev
mjt@tls.msk.ru
Mon, 03 Dec 2001 15:45:21 +0300
Len Conrad wrote:
>
> Can infected be modified to add a header like:
>
> X-virus-scanned: myhost.mydomaian.com, time, date
>
> ??
This is the avcheck C-language program that should add
such a header if at all. `infected' helper spawned for
mails infected by a virus only, not for normal mails.
Av daemon set up in a way so it is unable to modify a
message it scans (in order to protect message contents
from any possible bug in av daemon).
Well, it is more-or-less simple to add such a header with
avcheck (only minor modification required). I intentionally
not implemented such a feature in a first place -- I see no
reason for it. It may look good but has some questionable
effects.
If you know your mailserver does a virusscanning, then you
know all mails it processed are virus-checked. So internally
this header is useless (unless users will start to ask why
mails aren't checked now if them will not see that header).
For others (foreign to your site), this header is also almost
useless -- folks will know you uses a virusscanner, nothing
more. Noone who also uses virusscanner will trust your one
anyway, right? (at least not based on some header, as it is
easy to add such header in a virus). But if for whatether
reason your virusscanner will pass an infected message (e.g.
some new virus that isn't in your virusbases yet), then it's
time to blame you -- "aha, them claims to use a virusscanner,
but in fact it either doesn't work or doesn't exists. Them
are bad guys".
And if a virusscanners will be more widely used, and every one
scanner will add it's own header... Look to headers -- them
already too big compared to overage message size. Think about
additional Received: header added by postfix after content_filter.
And imagine that every Received will be "duplicated" by corresponding
"X-AV-Checked:". I personallt don't like unnecessary information.
Anyway, if there will be sufficient demand I can do this for 0.7
version... ;)
Regards,
Michael.