Removing only Windows executables

Julian Field mailscanner at ecs.soton.ac.uk
Sat Jul 27 09:49:41 IST 2002


At 09:15 27/07/2002, you wrote:
>On Fri, Jul 26, 2002 at 11:47:30PM +0100, Rob Moore wrote:
> > >> The only anti-virus software I've ever seen that blocks executables not
> > >> based on file extension is Antigen from Sybari, but that's for Exchange.
> >
> > There is another commercial product (Win32 only) called MAILsweeper that
> > will do the same thing as well. I understand it inspects the headers of each
> > file to determine the filetype and whether or not to block it based upon
> > the policies you set.
> >
> > The drawbacks are a) it's commercial (thanks Julian for your excellent
> > product)
> > b) it's a Win32 platform only c) it can be quite expensive as the license is
> > based upon users protected.
> >
>There is a perl module called File::MMagic that makes it possible to
>guess a file type :
>
>http://search.cpan.org/search?dist=File-MMagic
>http://search.cpan.org/doc/KNOK/File-MMagic-1.15/MMagic.pm
>
>It should be able to find .exe which are renamed.

To do this within zip files (which was one of the requirements), you will
need to write all your own archive-unpacking code, which is an area I have
deliberately avoided. This isn't going to be an easy job.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
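
Added example, not part of the original thread and not MailScanner code: a Python sketch of the content-based check discussed above, which recognises a Windows executable by its MZ/PE header instead of its extension and applies the same check to zip members using the standard zipfile module. The names scan and build_sample, the size cap and the nesting limit are assumptions made for this illustration, and the sample archive is constructed inline.

```python
import io
import struct
import zipfile

MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed size cap per member (zip-bomb guard)
MAX_DEPTH = 2                        # assumed limit on zips nested inside zips

def is_windows_executable(data):
    """DOS 'MZ' header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def scan(data, name, depth=0):
    """Return [(path, verdict)] judged by content; file extensions are ignored."""
    if is_windows_executable(data):  # also catches self-extracting archives
        return [(name, "executable")]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [(name, "uninspectable")]  # nested too deeply to keep unpacking
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                findings.append((path, "uninspectable"))  # encrypted or oversized
                continue
            try:
                findings += scan(zf.read(info), path, depth + 1)
            except (zipfile.BadZipFile, NotImplementedError):
                findings.append((path, "uninspectable"))  # corrupt or unknown method
    return findings

def build_sample():  # constructed input: renamed PE stubs, one inside a nested zip
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("report.doc", pe_stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("holiday.jpg", pe_stub)
        zf.writestr("notes.txt", b"MZ" + b" plain text" * 10)  # MZ but no PE header
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(scan(build_sample(), "mail.zip"))
```

Members that cannot be inspected (encrypted, oversized, corrupt, or nested too deeply) are reported separately so a site policy can decide whether to quarantine them.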


