mv virus infected mail files behind cyrus's back
jconant at aerodyne.com
Thu Oct 13 08:29:19 EDT 2005
We use both Trend Micro and Clamav to check mail on the way in. Then
overnight we have Trend Micro rescan the whole mail store. After that,
early in the morning, we run a scheduled reconstruct just in case some
messages were removed. We do detect things overnight that weren't found
on the way in, and it's not always because of updated virus definitions.
We don't understand the difference, but it happens... That system has
worked well for us for over a year. However, most of our users are with
POP, and the IMAP users seldom use disconnected mode...
Sebastian Hagedorn wrote:
> --On 13. Oktober 2005 00:21:44 -0400 Dan MacNeil <dan at thecsl.org> wrote:
>> dm> Would it be clean to replace the file with
>> dm> another message file [...]
> well, it's not really something you're supposed to do on a regular
> basis ... a cleaner approach would be much harder to implement,
> however. So if you feel you must do this, the "reconstruct" way should
> be OK. Note that it may cause problems for IMAP clients that use
> disconnected mode, because the UIDVALIDITY of a modified mailbox will
> change, thus invalidating the client's cache.
> We don't do anything like that. We scan for viruses when the mail is
> delivered. Obviously not all are found, but I believe that you can't
> get 100% protection. So we try to educate our users to stay alert and
> not to rely only on virus scanners. Modifying mail that's already been
> delivered seems too intrusive to me. YMMV, obviously.
jconant at aerodyne.com
John Conant
Aerodyne Research, Inc.
Billerica, MA 01821
(978)663-9500, ext. 292 FAX (978)663-4918

"An expert is a [person] who has made all the mistakes which can be made in a very narrow field" - Niels Bohr (attrib.)
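
The overnight rescan followed by a reconstruct, as described in the message above, could be scripted along these lines. This is an added example, not code from the thread or from the Cyrus project; it assumes an unhashed spool layout (SPOOL/user/<name>[/<folder>]/<uid>.), the default "." hierarchy separator, and a scanner report already reduced to one flagged path per line. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout:
#   SPOOL/user/<name>[/<folder>]/<uid>.   with "." as mailbox separator.

# Map a message file path to its mailbox name, e.g.
#   /var/spool/imap/user/alice/Sent/12.  ->  user.alice.Sent
path_to_mailbox() {
    spool=${1%/}; file=$2
    case $file in
        */../*) return 1 ;;        # no directory traversal
        "$spool"/*) ;;
        *) return 1 ;;             # refuse paths outside the spool
    esac
    dir=$(dirname "${file#"$spool"/}")
    [ "$dir" != . ] || return 1    # file sits in the spool root: no mailbox
    printf '%s\n' "$dir" | tr '/' '.'
}

# Read flagged paths on stdin, move each message file into QUARANTINE,
# and print every affected mailbox once. Only "<uid>." message files are
# touched; cyrus.header, cyrus.index and cyrus.cache are left for
# reconstruct to rebuild.
quarantine_flagged() {
    spool=${1%/}; quarantine=$2
    while IFS= read -r f; do
        base=$(basename "$f")
        printf '%s\n' "$base" | grep -Eq '^[0-9]+\.$' || continue
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # regular files only
        mbox=$(path_to_mailbox "$spool" "$f") || continue
        mkdir -p "$quarantine/$mbox"
        mv -- "$f" "$quarantine/$mbox/$base" && printf '%s\n' "$mbox"
    done | sort -u
}

# Usage, run as the cyrus user after the overnight scan (paths are
# assumptions; flagged.txt is the scanner report, one path per line):
#   quarantine_flagged /var/spool/imap /var/quarantine < flagged.txt |
#       while IFS= read -r m; do reconstruct "$m"; done
```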