Re: [webmin-l] virus scanner

[Craig W. <cra...@az...>]

On Mon, 2005-09-26 at 11:46 +1000, Daniel Pittman wrote:
> Craig White <cra...@az...> writes:
> > On Mon, 2005-09-26 at 10:54 +1000, Daniel Pittman wrote:
> >> da...@so... writes:
> >> 
> >> > I was wondering what the word on the street is on the MailScanner 
> >> > software. I note there's a webmin module written for it. Just 
> >> > wondering about functionality, scalibility, and upgrading.
> >> 
> >> The scanning, etc, side of MailScanner works very well -- as well as
> >> anything else out there, basically.
> >> 
> >> Personally, I wouldn't deploy it even if someone paid me, though.
> >> 
> >> MailScanner depends, by design, on poking around in the innards of the
> >> mail queues of the mailers it uses.  This is ... an interesting
> >> approach, since none of the major mailers actually document the queues,
> >> or expect random software to poke at them.
> >> 
> >> It does basically work, but I really don't feel comfortable depending on
> >> a package that uses as undocumented and unsafe interface to process my
> >> email.
> >> 
> >> 
> >> I would recommend, rather, the 'amavisd-new' package, which does a much
> >> finer job of using standard, documented interfaces to pass email around.
> > 
> > fwiw, I use mailscanner with both sendmail and postfix mta's and have
> > had no problems with it whatsoever. Different strokes for different
> > folks I guess.
> 
> Oh, I don't question that MailScanner *works*.  I just question the
> wisdom of using a product that explicitly depends on undocumented,
> internal features of other product to function correctly.
> 
> When Postfix or Sendmail decide to change their internal queue format,
> which has happened before and will doubtless happen again, MailScanner
> will no longer function correctly.
> 
> The author of Postfix, at least, has explicitly stated that this sort of
> fiddling with the internal queues is not supported, as well.  I believe
> that it currently works by accident, rather than design, as it doesn't
> update all the related internal information.
> 
> 
> So, it isn't that MailScanner will fail to work today that bothers me.
> It works, and does a decent job.  
> 
> What bothers me is that it *will* break at some unknown point in the
> future.  When it does, it may not just stop working, it may well corrupt
> every bit of email that passes through it.
> 
> 
> /That/ is what I worry about.  I don't want to have to find out if there
> have been any changes to the mail queue handling in Postfix or whatever
> before I apply a security patch.
> 
> I want things to just work.  Pretty much every other mail scanner out
> there uses documented, public protocols and interfaces, so I can trust
> 'em to keep working right when things change.
> 
> MailScanner doesn't.  Now, sure, you may not care about that, and if you
> don't, go ahead and use MailScanner.  It will work, for now. :)
----
my understanding is that Postfix has actually implemented a permanent
feature to hold and interrupt mail queue for this to operate and that is
what MailScanner does. I am not first hand involved in this at all and
couldn't make a knowledgeable argument but state with great confidence
that it isn't going to break.

This however has nothing to do with OP question, webmin or anything and
is opinion of under informed people (certainly on my part) and I see
little reason for this topic on this list. There is a MailScanner module
for Webmin, there isn't a amavis module for Webmin. I happily use
MailScanner with many Postfix installations and could never get amavis
working with similar efforts. I love MailScanner, it works, it's
effective and seemingly has everything that Mime-Defang has plus.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.