|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Possibly yet another MS mail worm
> Say such a milter could strip off attachments, replacing them > with a URL in the email that will allow the recipient to > download them if they prove clean. It's not an instant > gratification, but it'll let you distribute the scanning About 5-6 yrs ago I wrote a system for a customer that would look at attachments, and for any attachment not of a whitelisted type (I might have checked against /etc/magic to prevent bogus extensions), it would do just that. The file got removed from the email and replaced with a note. The attachment got dumped into a DB and the admins would validate it by hand via a web-based interface (this was the customer spec). All zip files got popped open and the contents checked. If the admins approved the attachment, I think it got re-mailed to the end-user. The system worked well. It had the high manual overhead, but that's what they wanted. There's no reason to not do the same and just queue for virus scanning if the mail server needs the load lightened. Steve ---- Steve Birnbaum SkyVision Global Networks Phone: +44 20 83871750 Email: [email protected] Experience is something you don't get until just after you need it.
|