New Feature Request: Delayed Attachment Delivery

[Steve Evans]

I really like the idea.  I know that Julian is working on blocking
dangerous file extensions inside of a zip file which would help a lot.
But one of the big problems with that is we tell people to put exe's in
zip files if they need to send them via e-mail.  If we could just delay
zip files for x hours and then re-scan them I think that would solve the
problem for a lot of people.

Just my 2 cents. 


Steve Evans
SDSU Foundation

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Lewis Wolfgang
Sent: Saturday, February 28, 2004 8:07 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: New Feature Request: Delayed Attachment Delivery

Hi Folks,

I work at a facility that handles more than 100,000 incoming email
messages per day using MailScanner, McAfee and SpamAssassian on a quad
Xeon box.  Nice work guys, thanks!

However, we've been exploited twice this week by viruses (Netsky, Bagle)
that were processed before the virus signature updates were released by
McAfee, Symantec and others.  The "Zero Day" threat has been reduced to
a "Zero Hour" vulnerability.

Sure, we reject dangerous file types in attachments, but these viruses
ride in zip files.  We can't drop all zip files due to the nature of our
workload.

So, could MailScanner be used to flag a specified list of dangerous
filetypes for delayed processing?  Messages would have to be
unpacked/unzipped for filetype determination.  The resulting messages
would be placed into a third queue where they would sit for a specified
time period before further virus/spam checks, giving the virus
signatures a chance to catch up.

Is this reasonable?  Could MailScanner do the job?

Thanks,
Lew Wolfgang