New Feature Request: Delayed Attachment Delivery

Lewis Wolfgang wolfgang at SWEET-HAVEN.COM
Sat Feb 28 16:06:40 GMT 2004

Hi Folks,

I work at a facility that handles more than 100,000
incoming email messages per day using MailScanner,
McAfee and SpamAssassian on a quad Xeon box.  Nice
work guys, thanks!

However, we've been exploited twice this week by
viruses (Netsky, Bagle) that were processed before
the virus signature updates were released by McAfee,
Symantec and others.  The "Zero Day" threat has
been reduced to a "Zero Hour" vulnerability.

Sure, we reject dangerous file types in attachments,
but these viruses ride in zip files.  We can't drop
all zip files due to the nature of our workload.

So, could MailScanner be used to flag a specified list
of dangerous filetypes for delayed processing?  Messages
would have to be unpacked/unzipped for filetype
determination.  The resulting messages would be placed
into a third queue where they would sit for a specified
time period before further virus/spam checks, giving
the virus signatures a chance to catch up.

Is this reasonable?  Could MailScanner do the job?

Lew Wolfgang

More information about the MailScanner mailing list