procmail
[Top] [All Lists]

Re: "formail -D" but without updating the cache

2005-11-26 08:59:34
Dallman Ross:
Ruud H.G. van Tol:
Bart Schaefer:

what I'd like to do is cache a signature (the Message-Id for
purposes of example) when the message is first recognized as a
virus, and only run the scanner on subsequent messages where
the signature does not already appear in the cache.

"formail -D" is *almost* the right thing for this.  The trouble
[. . .]

My first try:

  1. create a copy of the viral-MID-cache

  2.a. if MID was already in copy-of-viral-MID-cache, destroy copy
cache, {...}, break.
    b. else just destroy (the now dirty) copy-cache

  3. scan for virus

  4. if viral, add MID to (real) the viral-MID-cache

The copy could have the PID in the filename. Or use a lock, in that
case you don't need to always create/destroy the copy, though it
will stil occur for most of the messages.

Alternatively, keep cache copy around and do manipulation only
if it changes.

That is what I meant with my 2.a (the 'break' meaning 'stop, we have a
virus'), combined with what I mentioned with locking. You either need a
fresh copy per process-id, or use a lock.

With the lock, you can keep the copy around until it is dirty, but it
gets dirty with every non-viral message, which normally is most of the
messages, so there is no real advantage in keeping the copy around.

You don't want to remember clean MIDs, because someone could send you
first a clean message and than a viral message, with the same MID.

I am trying to find a leaner alternative, maybe with manipulated MIDs,
but really have to go to a party now.

-- 
Grtz, Ruud


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail