RE: [cobalt-users] email attachments / virus scanning on RaQs

["Colin J. Raven" <cjraven@xxxxxxxxxxx>]

>I¹d like to implement a virus scanner for email passing
>through one of my RaQs.
>Can anyone give me any useful pointers to products that
>people have had success with?
>I¹ll summarise back to the list.

There *are* commercial products that do this, but frankly procmail has
'em all beat IMHO.
A properly constructed /etc/procmailrc with John Hardin's email
sanitizer in place is *highly* effective and thoroughly supported by a
wide and knowlegeable user community (and John himself where necessary)
More information can be found here:
http://www.impsec.org/email-tools/procmail-security.html
I use it, and to date we've caught innumerable "Melissa's", "ILoveYou's"
and, in the past 5 days over 58 instances of "Anna Kournikova" etc.
Downside: You have to maintain it. There are no "automatic updates" as
with some commercial products (at least in the M$ World anyway)
Upside:
1. The "maintainence" is often restricted to the addition of another
suffix to poison or mangle (like ".vbs" for example) or the addition of
some "globs" to catch "double suffix attachments"
(like ".jpg.vbs" as an example)
2. It's a *helluva* good way to keep learning, and every one of those
'lil buggers you catch..well, it's a great feeling!!!
3. Management sometimes refers to you as "the email god"
HTH
Regards,
-Colin
--
Colin J. Raven