[plug] stripping potentially nasty attachments
Bernd Felsche
bernie at innovative.iinet.net.au
Fri Mar 26 23:04:30 WST 2004
On Friday 26 March 2004 22:57, Craig Ringer wrote:
> I'm currently using MimeDefang to strip suspect or potentially risky
> attachments (.pif, .exe, .scr, .vbs, etc etc etc) from email before it
> hits the virus scanner. I'm interested in finding a way to extend that
> so that MimeDefang can quarantine messages that have zipped attachments
> if the zip file contains suspect filenames. I'd like to kill as many
> possibly dodgy files as possible without needing the virus scanner,
> given the rapidly "mutating" viri we're getting these days.
> A quick google search turned up nothing, nor did a look at the
> MimeDefang docs (what of them exists). I didn't find a simple method of
> doing this. So ... is anyone on PLUG currently doing something like
> this, and if so - any pointers/tips?
Sorry; no. I've taken the easy way out and implemented AVMailGate
(commercial product) at a couple of customer sites. Works quite
well. Pricing isn't too bad either.
> Suggestions appreciated. I'll follow up here if I find a solution later.
AVMailgate configuration allows setting recursion depths and number
of attachment limits before an email is automatically quarantined.
You could probably use those parameters as first-guesses as to what
might be a bit-hazard.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
More information about the plug
mailing list