procmail

Re: "formail -D" but without updating the cache

2005-11-26 05:53:07

On Sat, Nov 26, 2005 at 12:37:07PM +0100, Ruud H.G. van Tol wrote:
> Bart Schaefer:
>
> > what I'd like to do is cache a signature (the Message-Id for
> > purposes of example) when the message is first recognized as a
> > virus, and only run the scanner on subsequent messages where
> > the signature does not already appear in the cache.
> >
> > "formail -D" is *almost* the right thing for this.  The trouble
> > [. . .]
>
> My first try:
>
>   1. create a copy of the viral-MID-cache
>
>   2.a. if MID was already in copy-of-viral-MID-cache, destroy copy
> cache, {...}, break.
>     b. else just destroy (the now dirty) copy-cache
>
>   3. scan for virus
>
>   4. if viral, add MID to the (real) viral-MID-cache
>
> The copy could have the PID in the filename. Or use a lock, in that case
> you don't need to always create/destroy the copy, though it will still
> occur for most of the messages.

Alternatively, keep cache copy around and do manipulation only
if it changes.  So we run "formail -D" against the copy,
then, either using exit codes or actually comparing the copy
against the main cache -- exit codes is probably better --
only if needed (new Message-ID appears in copy), run the
scanner.  Overwrite the main cache with the copy only
if the scanner comes up poz.  Otherwise, copy in reverse.

For known viral senders, no more cache manipulation will
need to be done.

Btw, my Virus Snaggers still works well, and is not
much of a load.  Even if you don't want to trust it entirely,
you could run it first on unvetted Message-IDs, and if it
comes up positive, cross-check with your scanner the
first time.  If it comes up negative, it also has a
var set if there is an attachment, so you'd check for
that, and if it's not set, then there was no attachment,
so there will be no real need to run a second scanner.
If vsnag is negative but there *is* an attachment, you
can decide whether to run the second scanner also.

Just some quick thoughts.

Dallman

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
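
The check-then-commit flow discussed in this thread, as an added example that is not part of the original posts: instead of running `formail -D` against a copy of the cache, it swaps in a plain newline-delimited cache file with a read-only lookup, and records the Message-ID only after a positive scan. The `SCANNER` variable, the function names, the marker string and the sample messages are assumptions constructed for illustration.

```shell
# Added example, not from the thread. Assumptions: the cache is a plain
# newline-delimited file (not formail's own cache format), and $SCANNER is
# a hypothetical command that reads a message on stdin and exits 0 on a virus.

# Print the first Message-ID value found in the header of file $1.
get_mid() {
    sed -n -e '/^$/q' -e 's/^[Mm]essage-[Ii][Dd]:[[:space:]]*//p' "$1" | head -n 1
}

# Exit 0 if ID $2 is in cache $1. Read-only; -F -x match the ID as a
# literal whole line, since the header content is sender-controlled.
mid_cached() {
    [ -f "$1" ] && grep -Fxq -e "$2" "$1"
}

# Classify message file $2 against cache $1; prints cached, viral or clean.
check_message() {
    mid=$(get_mid "$2")
    if [ -n "$mid" ] && mid_cached "$1" "$mid"; then
        echo cached; return 0            # known viral ID: scanner skipped
    fi
    if "$SCANNER" < "$2"; then
        # Commit only after a positive scan, so clean IDs never enter the cache.
        [ -n "$mid" ] && printf '%s\n' "$mid" >> "$1"
        echo viral; return 0
    fi
    echo clean
}

# Constructed stand-in scanner: flags a marker string, logs each invocation.
demo_scanner() {
    echo run >> "$SCAN_LOG"
    grep -q 'CONSTRUCTED-TEST-MARKER'
}

# Constructed sample messages; prints the three verdicts and the counters.
demo() {
    tmp=$(mktemp -d) || return 1
    SCANNER=demo_scanner SCAN_LOG=$tmp/scans
    printf 'Message-ID: <v1@example.invalid>\n\nCONSTRUCTED-TEST-MARKER\n' > "$tmp/viral"
    printf 'Message-ID: <c1@example.invalid>\n\nhello\n' > "$tmp/clean"
    r1=$(check_message "$tmp/cache" "$tmp/viral")    # scanned, then cached
    r2=$(check_message "$tmp/cache" "$tmp/viral")    # cache hit, no scan
    r3=$(check_message "$tmp/cache" "$tmp/clean")    # scanned, not cached
    echo "$r1 $r2 $r3 scans=$(grep -c run "$tmp/scans") cached=$(grep -c . "$tmp/cache")"
    rm -rf "$tmp"
}
demo
```

Concurrent deliveries appending to the same cache file would still need a lock around `check_message`, as the thread notes for the copy-based variant.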