Getting OT Re: [Exim] Recommendations for virus scanning/con…

Author: Dr Andrew C Aitchison
Date:  
To: Kevin P. Fleming
CC: exim-users
Old-Topics: [Exim] Recommendations for virus scanning/content filtering?
Subject: Getting OT Re: [Exim] Recommendations for virus scanning/content filtering?
On Fri, 3 Aug 2001, Kevin P. Fleming wrote:

> It looks (to me at least) like Amavis-perl is the most complete virus
> scanning tool for Exim at this point. Anyone have any other suggestions I
> should look at first? What virus scanner do you guys recommend? I've seen
> Sophos, Trend and McAfee for Linux, but have no idea how they compare.


The University of Cambridge has a site licence for NAI (McAfee) VirusScan
which covers me. I use exiscan to connect it to exim, and I'm quite happy
with it.

> Also, I'd like to filter out _all_ executable content, and not by filtering
> on file extension (as the public "system filter" does). Has anyone seen a
> program that will actually inspect the contents of the file and report back
> whether it appears to contain _any_ Windows-executable content (i.e.
> Portable Executable format, .COM format, batch files, VBScript, ECMAScript,
> etc.)?


You want to test the *name* of the attachment not the content.
Windows only checks the name before it runs the script, so verification
would leave a hole for an attacker (think of those scripts which are valid
in several languages :-).

Ripmime http://www.pldaniels.com/ripmime/
and reformime (part of maildrop) http://www.courier-mta.org/reformime.html
will both unpack mime attachments from email.
I think they both cope with nested attachments.

-- 
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna
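
The name-based test suggested in this reply, applied to every MIME part including nested ones, as an added example that is not part of the original post. Python's standard `email` package stands in for ripmime/reformime here, and the extension list and the sample message are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist (not from the post): extensions for the content kinds the
# question names (PE, .COM, batch files, VBScript, ECMAScript).
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".vbs", ".js"}

def blocked_attachment_names(raw: bytes) -> list[str]:
    """Return the filenames, at any MIME nesting depth, whose final extension
    is blocked. Only the name is tested; the content is never inspected."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        name = part.get_filename()
        if not name:
            continue
        # Compare case-insensitively and use only the last extension, so
        # "Invoice.TXT.vbs" is judged as ".vbs".
        if os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed sample: a mail with two harmless attachments and a
    forwarded message that carries two blocked ones."""
    inner = EmailMessage()
    inner["Subject"] = "inner (constructed)"
    inner.set_content("forwarded body")
    inner.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="Invoice.TXT.vbs")
    inner.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="SETUP.EXE")
    outer = EmailMessage()
    outer["Subject"] = "outer (constructed)"
    outer.set_content("see forwarded mail")
    outer.add_attachment("plain notes", filename="notes.txt")
    outer.add_attachment(b"placeholder", maintype="application",
                         subtype="pdf", filename="report.pdf")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()

if __name__ == "__main__":
    print(blocked_attachment_names(build_sample()))
```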