The virus scanner scans email that comes into your system through SMTP. Then passes the email onto your internal SMTP server which stores the email in the loaction that your IMAP server reads and serves. So by the time the email gets to the IMAP service it should be virus clean(atleast according to astaro [;)] ).
Well I am not familiar with the pop proxy in astaro, since I have not used it.
However doing a proxy for imap would be a more difficult task. Since the messages stay on the server the proxy would have to emulate all the functions and also suck in all the messages and either store them locally on the proxy and/or retrieve them each time from the source. Both of which is a great deal more than what I believe the pop proxy does. Since POP has a much simpler command set than imap, and it is more or less just a transfer protocol.
There may be other options for you to virus scan your email that would be a better solution than an imap proxy. Maybe run your own internal server that retrieves all the mail from the external server using fetchmail. Then you could use the pop proxy within astaro, and have your internal mailserver run an imap server so you still have an imap interface to your mail.
The transparent proxy should pass messages (request/reply) from client to server 1 to 1 until he receives a message from the client requesting a DOWNLOAD of a certain message. Then he should do the same thing as with POP: download message, check it and then decide what to do with it. The fact that the messages are on the server changes nothing (Astaro POP server works with POP messages being kept on the server too) in the way the scanning is done. A different set of commands should be implemented, thats all.
They do, but most clients just download the mail once and cache it for later use. They just check for the mail date and ID with the server to see if it has changed in the meantime. Therefore, the mail is not really VIEWED directly from the server but from a local copy of the mail. As far as Yahoo is concerned, that is WebMail and it goes over HTTP/HTTPS protocol so it has NOTHING to do with the topic of our discussion.
You're right, IMAP stays at the server and POP doesn't unless the client chooses not to delete. Not the same thing really but isn't the issue for virus protection.
I believe that anti virus needs to happen before delivery to the server mailbox. Not sit there waiting for the client to check for mail. Of course ASL can do this if it is handling the initial delivery. But the question is about mail outside of ASL's control.
In that case the server at the other end should do anti virus. If you can't control that then your local machine has to do it which is the least secure way.
Might be nice if ASL could check IMAP and POP connections but that isn't very practical. ASL is acting more like a router when you are getting mail.
Best way is to have control of the mail server itself so it can be protected at the server. ASL could handle anti virus or the mail server, or both. Then the client has anti virus on top of all this.
Of course you still need user education which is the toughest part.
You're right, IMAP stays at the server and POP doesn't unless the client chooses not to delete. Not the same thing really but isn't the issue for virus protection.
I believe that anti virus needs to happen before delivery to the server mailbox. Not sit there waiting for the client to check for mail. Of course ASL can do this if it is handling the initial delivery. But the question is about mail outside of ASL's control.
In that case the server at the other end should do anti virus. If you can't control that then your local machine has to do it which is the least secure way.
Might be nice if ASL could check IMAP and POP connections but that isn't very practical. ASL is acting more like a router when you are getting mail.
Best way is to have control of the mail server itself so it can be protected at the server. ASL could handle anti virus or the mail server, or both. Then the client has anti virus on top of all this.
Of course you still need user education which is the toughest part.
