procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

sciprts: anti-mime, anti-attachments, anti-virus

2002-02-07 22:30:23
from [Timothy J. Luoma] [Permanent Link] 

For your review and consideration.

A frequent topic on this list is how to block certain attachments and
virii.

Well I took it a step further.

1)      I stop all attachments (strip them off using metamail and leave
        them on the Linux server in a web directory.)

2)      I search the attachments for virii using f-prot

3)      I append an URL to the body of the message pointing to the
        attachment

4)      I generate an index.html for the web directory, with any infected
        virii highlighted.  You can see a mock up at
        http://www.peak.org/~luomat/misc/metamail-test.html (the links
        won't work, but it shows the idea


So now if I get an email with an attachment, the email that arrives in my
Inbox contains just text and URLs down the bottom.  If the attachment had
a virus, it has been renamed (i.e. "Labor.com" became
"Labor_com.has.a.virus") so really I'd have to be an idiot to download it,
rename it, and execute it.

I have a simple (i.e. works for me, may not work for anyone else, does not
attempt to be foolproof) set of files to do this and have put them out at:

http://www.tntluoma.com/procmail/antimime/antimime-v2.1.tgz

CONTENTS:
antimime.rc             Procmail recipe to strip attachments

metamail-index.sh       SH script to search attachments for virii(*) and
                        generate HTML page

updatevirus.sh          SH script to update virus definitions (*)
                        this should run daily via cron

You also need:
        metamail ftp://thumper.bellcore.com/pub/nsb/mm2.7.tar.Z
                        strips attachments

        f-prot http://www.f-prot.com/f-prot/download/getfplinfree.html

                        (*) Linux anti virus


(You are welcome to change this to any other program you want, but the
syntax for metamail-index.sh depends on the output f-prot, so you'll have
to tweak it yourself. Welcome to the wonderful world of OpenSource living
;-)


I welcome comments, but cannot promise unrestricted support for the
scripts.  I will try to answer questions as time allows.

TjL
<luomat(_at_)peak(_dot_)org>


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Procmail based thread watch - A review for gotchas please, Harry Putnam
Next by Date:  Re: sciprts: anti-mime, anti-attachments, anti-virus, Timothy J. Luoma
Previous by Thread:  Procmail based thread watch - A review for gotchas please, Harry Putnam
Next by Thread:  Re: sciprts: anti-mime, anti-attachments, anti-virus, Timothy J. Luoma
Indexes:  [Date] [Thread] [Top] [All Lists]