I did just think of one other state that might be interesting to enumerate
and that is 'virus was detected but removed - message is now safe'. That
could simply be handled as a comment in the 'text' part of the result, or
by inserting it into the enumeration at index 1. I know a number of
anti-virus tools are able to 'clean' messages and being able to detect
that
in sieve might be useful. Would this be useful to add?
I do think virustest should be restricted to a very limited set of values
as the potential for damage caused by letting some through is much more
significant than spamtest.
Well with the F-Secure scanner (the one I'm most familiar with) the possible
return values are:
- Valid,
- Infected,
- Cured, (The sent content was disinfected.)
- Replaced, (The sent content is infected. The server replaced the original
content.)
- Error.
And probably add to that:
- Untested
So somehow I gotta map to the virustest values.... so I guess if we have
0 - definitely clear of viruses
1 - possibly contains a virus/unchecked
2 - definitely contains a virus
Then I could map valid, cured and replaced to 0, infected to 2, and error
and untested to 1. I suppose we could move to:
0 - contains no known viruses
1 - contained a known virus but the virus was replaced with harmless content
2 - contained a known virus but the conent was "cured" such that it is now
harmless
3 - possibly contains a virus
4 - unchecked
5 - definately contains a known virus.
But it's not clear to be that the above is the right order, but separating
them all is at least explicit, but then what if we get new results in the
future? I'm happy enough with the three values and using the string part to
work out if it was cured/replaced, or possibly/unchecked.
On a related point, the draft shouldn't say:
The virustest result is a string starting with a numeric value in
the range "0" (zero) through "2", with "0" meaning the message is
definitely clear of viruses, ....
As you can only say "clear of all known viruses given the set of AV updates
currently deployed". (sorry if this point has been made already :o/ )
Nigel