Question on attachment defang??!
Michael Masse
mrm at medicine.wisc.edu
Mon Feb 5 18:47:04 CET 2007
>>> On 2/5/2007 at 11:16 AM, in message <45C71201.65ED.00A2.0 at plattesheriff.org>,
"Rob Poe" <rpoe at plattesheriff.org> wrote:
> I saw (somewhere) where they had a MailScanner chaning a double
> extension from
>
> bad file name example.reallybad.doc
>
> to
>
> bad file name example.defanged-doc
>
> so that the receiver would GET the message but would have to RENAME it
> to actually run it .. instead of it getting stuck in the quarantine.
>
> Looked around in the documentation / faqs but didn't see anything about
> it .. anyone have any good pointers?
>
> thanks!
>
I don't know if MailScanner can do it or not, but I used to run this procmail tool alongside MailScanner:
http://www.impsec.org/email-tools/procmail-security.html
Which does exactly what you want, among many other things. The last build of email servers I did for us did not include the procmail sanitizer because I felt it was impacting performance too much, and was also overlapping a lot of what MailScanner does, so I am no longer using this and haven't really missed it either.
Mike
More information about the MailScanner
mailing list