On Fri, 3 Aug 2001, Kevin P. Fleming wrote:
> It looks (to me at least) like Amavis-perl is the most complete virus
> scanning tool for Exim at this point. Anyone have any other suggestions I
> should look at first? What virus scanner do you guys recommend? I've seen
> Sophos, Trend and McAfee for Linux, but have no idea how they compare.
The Univeristy of Cambridge has a site licence for NAI (MacAfee) VirusScan
which covers me. I use exiscan to connect it to exim, and I'm quite happy
with it.
> Also, I'd like to filter out _all_ executable content, and not by filtering
> on file extension (as the public "system filter" does). Has anyone seen a
> program that will actually inspect the contents of the file and report back
> whether it appears to contain _any_ Windows-executable content (i.e.
> Portable Executable format, .COM format, batch files, VBScript, ECMAScript,
> etc.)?
You want to test the *name* of the attachment not the content.
Windows only checks the name before it runs the script, so verification
would leave a hole for an attacker (think of those scripts which are valid
in several languages :-).
Ripmime
http://www.pldaniels.com/ripmime/
and reformime (part of maildrop)
http://www.courier-mta.org/reformime.html
will both unpack mime attachments from email.
I think they both cope with nested attachments.
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
A.C.Aitchison@??? http://www.dpmms.cam.ac.uk/~werdna