New Feature Request: Delayed Attachment Delivery

Steve Evans sevans at FOUNDATION.SDSU.EDU
Sat Feb 28 17:51:23 GMT 2004

I really like the idea.  I know that Julian is working on blocking
dangerous file extensions inside of a zip file which would help a lot.
But one of the big problems with that is we tell people to put exe's in
zip files if they need to send them via e-mail.  If we could just delay
zip files for x hours and then re-scan them I think that would solve the
problem for a lot of people.

Just my 2 cents. 

Steve Evans
SDSU Foundation

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Lewis Wolfgang
Sent: Saturday, February 28, 2004 8:07 AM
Subject: New Feature Request: Delayed Attachment Delivery

Hi Folks,

I work at a facility that handles more than 100,000 incoming email
messages per day using MailScanner, McAfee and SpamAssassin on a quad
Xeon box.  Nice work guys, thanks!

However, we've been exploited twice this week by viruses (Netsky, Bagle)
that were processed before the virus signature updates were released by
McAfee, Symantec and others.  The "Zero Day" threat has been reduced to
a "Zero Hour" vulnerability.

Sure, we reject dangerous file types in attachments, but these viruses
ride in zip files.  We can't drop all zip files due to the nature of our

So, could MailScanner be used to flag a specified list of dangerous
filetypes for delayed processing?  Messages would have to be
unpacked/unzipped for filetype determination.  The resulting messages
would be placed into a third queue where they would sit for a specified
time period before further virus/spam checks, giving the virus
signatures a chance to catch up.

Is this reasonable?  Could MailScanner do the job?

Lew Wolfgang
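
The hold-and-rescan routing proposed in this thread, as an added example (not MailScanner code and not written by either poster). The extension list, the 6-hour hold period, the nesting and size limits, and all function names are assumptions chosen for illustration; archives that cannot be inspected are held as well.

```python
import io
import zipfile
import zlib
from datetime import timedelta

# Assumed policy values: the thread says only "a specified list" and "x hours".
DANGEROUS_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
HOLD_PERIOD = timedelta(hours=6)
MAX_DEPTH = 2                    # nested-archive levels to descend into
MAX_NESTED_BYTES = 10 * 2**20    # do not inflate nested archives beyond this


def risky_members(data, depth=0):
    """Names of members (at any nesting level) that justify holding the zip."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                if name.endswith(DANGEROUS_EXTS):
                    hits.append(info.filename)
                elif name.endswith(".zip"):
                    encrypted = info.flag_bits & 0x1
                    if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                        hits.append(info.filename + " <not inspected>")
                    else:
                        hits += risky_members(zf.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError, zlib.error):
        hits.append("<unreadable archive>")  # fail closed: hold what we cannot read
    return hits


def route(attachments, received):
    """attachments: [(filename, bytes)] -> (queue, rescan_time, reasons)."""
    reasons = []
    for fname, data in attachments:
        if fname.lower().endswith(".zip"):
            reasons += [f"{fname}: {m}" for m in risky_members(data)]
    if reasons:
        return "hold", received + HOLD_PERIOD, reasons
    return "normal", received, reasons


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A message routed to "hold" would be passed to the virus scanner again once the returned rescan time has passed, so that signatures released in the meantime apply to it.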
