[plug] filtering virus infected files
Christian
christian at amnet.net.au
Mon May 8 11:08:28 WST 2000
On Mon, May 08, 2000 at 11:04:52AM +0800, Mike Hasleby wrote:
> With the advent of yet another email virus in the guise of the “love
> bug” last week, am I wrong in suspecting that on our email servers we
> can put in a filter to siphon off message containing a string of text
> in the subject, and redirect it to /dev/null ? Thus eliminating the
> problem of known viruses before they get to their destination.
> Is this possible or am I dreaming?
Certainly not -- you can do this with procmail. There is already a
script by John Hardin (available on freshmet for memory) which will do
all sorts of things like prevent potentially malicious JavaScripts etc.
from executing. I think John basically kept it up to date as new
vulnerabilities were discovered. The only potential problem is that it
deliberately munges parts of the emails (e.g., names of executable files
attached) which may create some confusion amongst some users. However,
combined with good user education you can probably severely limit the
impact of such vulnerabilities.
Regards,
Christian.
More information about the plug
mailing list