nanog mailing list archives
RE: Possibly yet another MS mail worm
From: "Steve Birnbaum" <steve.birnbaum () sky-vision net>
Date: Mon, 1 Mar 2004 10:01:58 +0200
Say such a milter could strip off attachments, replacing them with a URL in the email that will allow the recipient to download them if they prove clean. It's not an instant gratification, but it'll let you distribute the scanning
About 5-6 yrs ago I wrote a system for a customer that would look at attachments, and for any attachment not of a whitelisted type (I might have checked against /etc/magic to prevent bogus extensions), it would do just that. The file got removed from the email and replaced with a note. The attachment got dumped into a DB and the admins would validate it by hand via a web-based interface (this was the customer spec). All zip files got popped open and the contents checked. If the admins approved the attachment, I think it got re-mailed to the end-user. The system worked well. It had the high manual overhead, but that's what they wanted. There's no reason to not do the same and just queue for virus scanning if the mail server needs the load lightened. Steve ---- Steve Birnbaum SkyVision Global Networks Phone: +44 20 83871750 Email: steve.birnbaum () sky-vision net Experience is something you don't get until just after you need it.
Current thread:
- Re: Possibly yet another MS mail worm Michael Wiacek (Feb 29)
- Re: Possibly yet another MS mail worm Rubens Kuhl Jr. (Feb 29)
- Message not available
- Re: Possibly yet another MS mail worm Rubens Kuhl Jr. (Feb 29)
- Re: Possibly yet another MS mail worm Michael Wiacek (Feb 29)
- RE: Possibly yet another MS mail worm Steve Birnbaum (Mar 01)
- Possibly even yet another MS mail worm Mike Nice (Mar 01)
- Re: Possibly even yet another MS mail worm Stephen J. Wilcox (Mar 01)
- Re: Possibly even yet another MS mail worm Jeff Shultz (Mar 01)
- Re: Possibly even yet another MS mail worm Laurence F. Sheldon, Jr. (Mar 01)
- Message not available
- Re: Possibly yet another MS mail worm Rubens Kuhl Jr. (Feb 29)
- <Possible follow-ups>
- Re: Possibly yet another MS mail worm Curtis Maurand (Mar 01)
- Re: Possibly yet another MS mail worm Todd Vierling (Mar 01)
- Re: Possibly yet another MS mail worm Laurence F. Sheldon, Jr. (Mar 01)
- Re: Possibly yet another MS mail worm Curtis Maurand (Mar 01)
- Re: Possibly yet another MS mail worm Sam Stickland (Mar 01)
- Re: Possibly yet another MS mail worm John Palmer (Mar 01)
- Re: Possibly yet another MS mail worm Todd Vierling (Mar 01)