Problem with cyrus and deleting a message with a virus.

Additive GmbH System Admin sysadm at additive-net.de
Tue Jan 28 04:01:42 EST 2003



Mark London wrote:

>>>Hi - We are running uvscan, and it will delete a cyrus message file that
>>>contains a virus.  Of course, cyrus doesn't know that the message is deleted,
>>>so it still shows that message, albeit it shows up as being from Unknown with
>>>(no subject).  The problem is that this message can't be deleted, no matter
>>>what method the user tries.  The only solution we have found is to replace the
>>>deleted message with a dummy file, and then it can be deleted.  We can't be
>>>the only one having this problem.  Do other people run virus scanning
>>>software, like uvscan, on their server?  Thanks. -   Mark
>>>
>>If you're messing around with the internal data stores of a program, and
>>then you get upset when the program doesn't work, I'd say that you've
>>created your own problem.
>
>I'm not messing with it, uvscan is doing it.  Is there a better software
>alternative that will delete viruses on the server?  Are we the only people
>using cyrus that are running virus scanning software on the server?
>
>Btw, I would think cyrus should be able to handle the simple case of a missing
>single file.  I should be able to delete a message for which the message file
>is already missing.  We're not talking about a complex database file structure
>here.  It's a single file with a single message.
>
Did I get you right that you simply run the scanner via cron to delete 
infected files? Why - if you don't want to put it on a proxy - don't you 
run amavis together with uvscan when sendmail attempts to deliver the 
mail locally via cyrus-deliver? This is what we're doing here, and it 
works really fine. Infected mails won't reach the cyrus spool area and 
therefore cause no problem. One thing left: when a user moves a mail 
into the imap folders from his email client, it could possibly be 
infected. So we do two things about that: Every user has a 
server-controlled Anti-Virus System (Symantec AV Corporate) running that 
makes sure the clients themselves are clean. Second is, we run uvscan via 
cronjob also, but don't let it quarantine or delete infected files 
automatically. If it really should find a virus that has stolen itself 
into a client or the cyrus spool, we delete it manually. This never 
happened up till now, it's just a second 'Line of Defense' for absolute 
safety.
Running this system really works quite perfectly, never had any problem up 
till now.

Regards,
Andreas Grimmel
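
The report-only cron scan described in the reply above, as an added example that is not part of the original message or of Cyrus or uvscan: it walks the spool, runs a scanner on each message file, and only reports. Assumptions: the script name `spool_audit.py` is hypothetical, the scanner command is passed in by the caller, and it exits 0 for a clean file and non-zero when it flags one.

```python
"""Report-only audit of a Cyrus spool: list flagged messages, change nothing."""
import os
import re
import subprocess
import sys

# Cyrus keeps each message in a file named "<uid>." (digits plus a dot).
MESSAGE_FILE = re.compile(r"^[0-9]+\.$")


def message_files(spool):
    """Yield message files under spool, skipping cyrus.index and friends."""
    for root, _dirs, files in os.walk(spool):
        for name in sorted(files):
            if MESSAGE_FILE.match(name):
                yield os.path.join(root, name)


def audit(spool, scanner_cmd):
    """Scan every message file; return (flagged, missing) path lists.
    Assumption: scanner_cmd exits 0 for a clean file and non-zero when it
    flags one, and carries no delete/clean/quarantine option.
    """
    flagged, missing = [], []
    for path in message_files(spool):
        rc = subprocess.run(scanner_cmd + [path], stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL).returncode
        if not os.path.exists(path):
            # Scanner removed the file anyway: Cyrus still lists the message.
            missing.append(path)
        elif rc != 0:
            flagged.append(path)
    return flagged, missing


def main(argv):
    if len(argv) < 3:
        print("usage: spool_audit.py SPOOL_DIR SCANNER [ARGS...]", file=sys.stderr)
        return 2
    flagged, missing = audit(argv[1], argv[2:])
    for path in flagged:
        print("FLAGGED, left in place for manual handling:", path)
    for path in missing:
        print("REMOVED BY SCANNER, index now inconsistent:", path)
    return 1 if flagged or missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run from cron, the non-zero exit status and the printed paths give the administrator the list to handle by hand, and the `missing` list catches a scanner that was left configured to delete.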
