RE: Possibly yet another MS mail worm

["Steve Birnbaum" <steve.birnbaum () sky-vision net>]

> Say such a milter could strip off attachments, replacing them 
> with a URL in the email that will allow the recipient to 
> download them if they prove clean. It's not an instant 
> gratification, but it'll let you distribute the scanning 

About 5-6 yrs ago I wrote a system for a customer that would look at
attachments, and for any attachment not of a whitelisted type (I might have
checked against /etc/magic to prevent bogus extensions), it would do just
that.  The file got removed from the email and replaced with a note.  The
attachment got dumped into a DB and the admins would validate it by hand via
a web-based interface (this was the customer spec).  All zip files got
popped open and the contents checked.  If the admins approved the
attachment, I think it got re-mailed to the end-user.

The system worked well.  It had the high manual overhead, but that's what
they wanted.  There's no reason to not do the same and just queue for virus
scanning if the mail server needs the load lightened.

  Steve

----
Steve Birnbaum          SkyVision Global Networks
Phone: +44 20 83871750  Email: steve.birnbaum () sky-vision net
Experience is something you don't get until just after you need it.