In a message dated: Thu, 05 Apr 2001 15:48:11 EDT Jeffry Smith said:

OK, I know we do something to "defang" stuff, could I / you pass what it is on to this list, to answer this question?

jeff ------- Forwarded Message

From: "Dave Coutu" <cout@alum.wpi.edu> To: <wlug@mail.wlug.org> Date: Thu, 5 Apr 2001 11:10:10 -0700 Subject: [Wlug] Filtering attachments via a Sendmail ruleset?

Hey Guys,

Really simple question here... A while back I had asked whether = sendmail could filter out mail based on a subject header , and found out = that it could. Now I have a situation here at work where we want to = filter out attachments, the obvious being .vbs, .exe, basically anything = that may contain a virus. We don't run anti-virus software on the mail = server that mail is being delivered to, nor on the sendmail relays = feeding into it, since they are Solaris boxes and we currently don't = have a unix version of Norton lying about. But I believe that we can = filter out attachments through a sendmail ruleset, and I am wondering if = this is the case. If so, can someone tell me how/where to do it please? = Would be very appreciative for any help here! Thanks in advance!

What we do here is use procmail on our local, internal mail server. There's a great filtering set of procmail rules for this located at: http://www.impsec.org/email-tools/procmail-security.html As long as you have procmail installed and sendmail is configured to use procmail, just drop this stuff in place and you'll instantly start filtering stuff based on content and/or extension. There's a lot of configuration and customization you can do with this thing, and we've found that it works fantastic. We've intercepted the "AnnaKournikova" virus many, many times since it's initial release, and I can't even count the number of other virii I've seen trapped since we installed this. HTH, Seeya, Paul -- Paul Lussier Chairman, Nashua Chapter, GNHLUG Senior Systems and Network Engineer Mission Critical Linux, Inc.