Problem with cyrus and deleting a message with a virus.

[John Alton Tamplin]

mb/cyrus at dcs.qmul.ac.uk wrote:

>Irrelevant question. The fact that it could happen is enough. I can't stop
>my users going to someone's computer (which has no virus protection) and
>connecting to my IMAP server. I have students who will no doubt use the
>IMAP server as a filestore when they run out of quota on the fileserver.
>  
>
The same arguments apply if you were talking about an Oracle database -- 
users could store viruses into the database and someone else could 
extract it from that database and execute it.  However, you wouldn't run 
a virus scanner on Oracle databases that just deleted files if it didn't 
like them -- the Cyrus mailstore is no different, even if some of the 
parts are stored in a familiar format.

The clean way would be to add a filtering layer wherever messages could 
be stored into Cyrus.  It is easy enough to add a front-end to the 
delivery side using the various MTAs, but it would be more work to 
filter messages stored via IMAP.  Until then, the correct way to do it 
would be to use IMAP to muck with the message store (even if you found 
which files you had a problem with by running directly on the 
filesystem, but of course there is no guarantee you are seeing a 
consistent state).  If you insist on deleting the files out from under 
Cyrus, then be content with private hacks to work around the problem, 
reconstruct the mailboxes you tamper with, or just live with a partially 
broken mailstore.

-- 
John A. Tamplin                               Unix System Administrator
Emory University, School of Public Health     +1 404/727-9931