Wietse Venema wrote:
>
> Virus inspection software must not have access to postfix privileges.
> Virus inspection software must be on the other side of a very narrow
> interface to Postfix. No access to queue files, no access to internal
> process communication, no access to Postfix internals at all.

[I'm still there]

Wietse, you make me nervous ;) This all has nothing to do with
virus scanning in particular. I wanted to allow one to adapt
the code easily to one's needs, antivirus is only an example.
Moreover, it's safe -- small perl glue that communicates with
av via a socket and passes message directly to this socket or
via temp file isn't a source of troubles, really. I never wanted
to "incorporate" antivirus or other big-n-crappy piece of code
into postfix iteslf. With perl, it's hard to write buggy code,
at least with memory corruption problems.

At the other hand, on many large sites almost any software
needs some customizations that didn't allowed w/o source
code modifications. Having such perl bindings, people can
do this easy *and* safely (doing this in C is troublestome).

You already said some words about "perl bindings" -- you
mostly "approved" (or at least not rejected) the idea
itself. Now I have some prototype available and asked
for comments about it's architecture -- I explicitly said
that this architecture may be wrong, and this is because
I asked.

Well, if it's completely bad thing (TM), then fine, I'm
shutting up... :( But your statement above has nothing
common with this fact -- you said only that antivirus
software should be away from postfix, and I agree here,
from the "day one".

Regards,
 Michael.

-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]