On Fri, Jul 27, 2001 at 12:10:00PM +0100, Patrick Welche wrote:
> Our mailhub/imap servers are running NetBSD. Is there anything we could run
> on them to scan Microsoft virus laden attachements while they are still on
> the server?

It may not be exactly what you're looking for, but I'm really happy with
http://www.impsec.org/email-tools/procmail-security.html

It doesn't work based on virus signatures, but rather tries to block the way
viruses tries to propagates:
- for doubles extention (like .gif.pic, etc..), and a few well-known
  extentions it just put the mail in a quarantine mailbox; it's up to the
  sysadmin to deliver the mail to user if this one really wants to.
- For a few other well-known extentions, it changes the extention so that
  it can't be auto-executed by windows (.exe changes to .DEFANGED-xxxxx-exe
  for example) so if a user opens or runs such a file, he really wanted to.

It also sanitize a few other things (prevent javascript from being executed,
or images to be automatically loaded in html mails, for example).
This tool has trapped all viruses since I installed it, without updates, and
before antivirus vendors published updates for the virus being trapped.

Now, this doesn't remplace an good antivirus tool on the windows machines, both
tools are complementary.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--