mv virus infected mail files behind cyrus's back

John Conant jconant at aerodyne.com
Thu Oct 13 08:29:19 EDT 2005 

We use both Trend Micro and Clamav to check mail on the way in.  Then 
overnight we have Trend Micro rescan the whole mail store.  After that, 
early in the morning, we run a scheduled reconstruct just in case some 
messages were removed.  We do detect things overnight that weren't found 
on the way in, and its not always because of updated virus definitions.  
We don't understand the difference, but it happens...   That system has 
worked well for us for over a year.  However, most of our users are with 
POP, and the IMAP users seldom use disconnected mode...

Sebastian Hagedorn wrote:

> Hi,
>
> --On 13. Oktober 2005 00:21:44 -0400 Dan MacNeil <dan at thecsl.org> wrote:
>
>> dm> Would would it be clean to replace the file with
>> dm> another message file [...]
>
> well, it's not really something you're supposed to do on a regular 
> basis ... a cleaner approach would be much harder to implement, 
> however. So if you feel you must do this, the "reconstruct" way should 
> be OK. Note that it may cause problems for IMAP clients that use 
> disconnected mode, because the UIDVALIDITY of a modified mailbox will 
> change, thus invalidating the client's cache.
>
> We don't do anything like that. We scan for viruses when the mail is 
> delivered. Obviously not all are found, but I believe that you can't 
> get 100% protection. SO we try to educate our users to stay alert and 
> not to rely only on virus scanners. Modifying mail that's already been 
> delivered seems too intrusive to me. YMMV, obviously.

-- 


                              Regards,

                                   John Conant

=======================================================================
 jconant at aerodyne.com        "An expert is a [person] who has made all
 John Conant                 the mistakes which can be made in a very
 Aerodyne Research, Inc.     narrow field" - Niels Bohr (attrib.)
 Billerica, MA 01821
 (978)663-9500, ext. 292     FAX (978)663-4918
=======================================================================

More information about the Info-cyrus mailing list