[plug] stripping potentially nasty attachments

Craig Foster fostware at westnet.com.au
Sat Mar 27 00:04:37 WST 2004


> -----Original Message-----
> From: plug-bounces at plug.linux.org.au 
> [mailto:plug-bounces at plug.linux.org.au] On Behalf Of Ben Jensz
> Sent: Friday, 26 March 2004 11:13 PM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] stripping potentially nasty attachments
> 
> The setup I've got on my work's mail server is with Postfix + 
> amavisd-new + Spamassassin + A/V.
> 
> In amavis, it has a set of banned file types and it'll look 
> within zip files to see what type of files are in them.  I've 
> got my work's mail server to reject banned file types (exe 
> pif etc.).  So even if the A/V hasn't got defs to pick up 
> some new virus, it'll zap any windows related nasty 
> executables of any type before they get any further anyway.
> 
> / Ben
> 
> Craig Ringer wrote:
> 
> >Hi folks
> >I'm currently using MimeDefang to strip suspect or potentially risky
> >attachments (.pif, .exe, .scr, .vbs, etc etc etc) from email before it
> >hits the virus scanner. I'm interested in finding a way to extend that
> >so that MimeDefang can quarantine messages that have zipped attachments
> >if the zip file contains suspect filenames. I'd like to kill as many
> >possibly dodgy files as possible without needing the virus scanner,
> >given the rapidly "mutating" viri we're getting these days.
> >
> >A quick google search turned up nothing, nor did a look at the
> >MimeDefang docs (what of them exists). I didn't find a simple method of
> >doing this. So ... is anyone on PLUG currently doing something like
> >this, and if so - any pointers/tips?
> >
> >Suggestions appreciated. I'll follow up here if I find a solution later.
> >
> >Craig Ringer


AVP Mail Scanner will look for a password in the html / plaintext and use
anything it finds to read what's in a password-protected attachment (i.e. scan
the contents for viruses). Quite nifty, but I haven't personally tried it.

CraigF.
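
The check discussed in this thread (banning attachments by the filenames found inside a zip), sketched as an added example; it is not code from the thread, amavisd-new or MIMEDefang. It is written in Python rather than a MIMEDefang Perl filter, and the function names, nesting limit and size cap are assumptions.

```python
import io
import posixpath
import zipfile

BANNED_EXT = {".exe", ".pif", ".scr", ".vbs"}   # extensions named in the thread
MAX_DEPTH = 3                                   # assumed nesting limit
MAX_NESTED_BYTES = 10 * 1024 * 1024             # assumed cap on a nested zip's declared size


def banned_members(data, depth=0, prefix=""):
    """Return paths of zip members whose final extension is on the ban list."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a zip; other filters handle it
    hits = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            # Last extension only, trailing dots/spaces stripped: "x.doc.pif", "a.exe."
            ext = posixpath.splitext(info.filename.rstrip(". "))[1].lower()
            if ext in BANNED_EXT:
                hits.append(path)
            elif ext == ".zip":
                # Names stay readable in a traditionally encrypted zip, but the
                # contents of an encrypted nested zip cannot be listed.
                encrypted = bool(info.flag_bits & 0x1)
                too_deep = depth + 1 >= MAX_DEPTH
                if encrypted or too_deep or info.file_size > MAX_NESTED_BYTES:
                    hits.append(path + " (unscannable nested archive)")
                else:
                    hits += banned_members(archive.read(info), depth + 1, path + "!")
    return hits


def make_zip(members):
    """Build an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed sample attachment, not real mail.
SAMPLE = make_zip({"readme.txt": b"hi", "invoice.doc.pif": b"x",
                   "more.zip": make_zip({"photo.jpg.SCR": b"x"})})

if __name__ == "__main__":
    print(banned_members(SAMPLE))
```

A non-empty result is the signal to quarantine or reject the message; nested archives that cannot be inspected are reported rather than passed silently.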