perl.qpsmtpd | Postings from April 2013

clamdscan plugin defaults

From: Matt Simerson
Date: April 30, 2013 02:31
Subject: clamdscan plugin defaults
Message ID: 4D93BF59-A7EA-4D11-B656-14E37973A5AC@tnpi.net

Within the register sub of the clamdscan plugin is this little nugget:

    # Set some sensible defaults
    $self->{'_args'}{'deny_viruses'} ||= 'yes';
    $self->{'_args'}{'max_size'}     ||= 128;
    $self->{'_args'}{'scan_all'}     ||= 0;

Having a default enable for denying viruses is sensible enough.

But a max_size of 128K? You mean all a virus author needs to do is attach an image to his virus-laden message to evade virus scanning on a qpsmtpd server? Is that really a sensible default?

My first inclination is that max_size should default to whatever $config->data_bytes is set to. Why would such a low limit be considered sensible?

The other thing I'm questioning is why scan_all=0 is the 'sensible' default. If one is going to bother running a virus scanner, it would seem the "safe" choice is to scan everything. Should it be as easy as inserting an illegal character into the Content-Type field value (which would get ignored later) to bypass multipart detection, and thus virus scanning?

Matt
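
An added example, not part of the original post and not code from the qpsmtpd plugin: a small Perl audit that shows which messages go unscanned under the defaults quoted above versus the alternative the post raises (size cap following the databytes limit, scan_all on). The `is_scanned` function is a simplified model assumed for illustration, `proposed_args` is a hypothetical helper, and the messages and the 10 MB databytes value are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified model (an assumption, not the plugin's code) of the two gates
# the post questions: a size cap in KB and a multipart-only check.
sub is_scanned {
    my ($args, $msg) = @_;
    # In this model a max_size of 0 means "no cap".
    return 0 if $args->{max_size} && $msg->{size} > $args->{max_size} * 1024;
    return 1 if $args->{scan_all};
    return ($msg->{content_type} // '') =~ m{^\s*multipart/}i ? 1 : 0;
}

# Defaults quoted in the post.
my %shipped = (deny_viruses => 'yes', max_size => 128, scan_all => 0);

# Alternative raised in the post: the cap follows the SMTP size limit and
# everything is scanned. $databytes is in bytes; 0 or undef means no limit.
sub proposed_args {
    my ($databytes) = @_;
    my $kb = $databytes ? int(($databytes + 1023) / 1024) : 0;   # round up to KB
    return { deny_viruses => 'yes', max_size => $kb, scan_all => 1 };
}

# Constructed sample messages: size in bytes plus the Content-Type header.
my @messages = (
    { name => 'small multipart',     size =>  40 * 1024,
      content_type => 'multipart/mixed; boundary="b1"' },
    { name => 'multipart, 900 KB',   size => 900 * 1024,
      content_type => 'multipart/mixed; boundary="b2"' },
    { name => 'small text/plain',    size =>  12 * 1024,
      content_type => 'text/plain' },
    { name => 'no Content-Type',     size =>   8 * 1024,
      content_type => undef },
);

my $proposed = proposed_args(10 * 1024 * 1024);   # constructed databytes value

printf "%-20s %-8s %-8s\n", 'message', 'shipped', 'proposed';
for my $m (@messages) {
    printf "%-20s %-8s %-8s\n", $m->{name},
        (is_scanned(\%shipped, $m) ? 'scan' : 'SKIP'),
        (is_scanned($proposed, $m) ? 'scan' : 'SKIP');
}
```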

