procmail
[Top] [All Lists]

"formail -D" but without updating the cache

2005-11-25 23:38:06
I have a solution for this, but I thought perhaps someone could
suggest a better one.

Background:  I have a home-grown virus scanner specially designed for
"human engineered" worms like the recent faux-FBI "you have visited
illegal websites" variant.  It works extremely well but it's a bit
CPU-intensive.  Because it runs from procmail (the LDA), it doesn't
get a shot at the worm message until after sendmail alias explosion,
so it ends up running multiple times if an alias is the initial
recipient.

So what I'd like to do is cache a signature (the Message-Id for
purposes of example) when the message is first recognized as a virus,
and only run the scanner on subsequent messages where the signature
does not already appear in the cache.

"formail -D" is *almost* the right thing for this.  The trouble is
that when you run it, it adds the message-id to the cache as a side
effect when it is not already there.  I need some way to test for the
presence of the message-id in the cache *without* adding it, so that I
can *later* add it if and only if the scanner identifies a virus/worm.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail