Security Basics mailing list archives

Re: suggestions for blocking dangerous mail attachments?


From: Dan Donkers <donks () kent net>
Date: Tue, 21 Jan 2003 18:46:19 -0500 (EST)

On Sat, 11 Jan 2003, Juan Mejia wrote:

    Here are my questions:

         What's your opinion about changing file extensions on windows
         machines to reduce the threat of malware through e-mail?

The only way to make something foolproof is to keep it away from the
fools. You know it will be just a matter of time 'til someone renames the
attachment to .exe, runs it and you have a virus on the loose.


         Do you know of some application that does this on linux?

         If there's nothing like this on linux, what should I start
         reading, searching, etc. in order to make it on my own? (I
         have no idea about e-mail on Linux. Also I realize I
         probably will never get to do it, but having a project in
         mind is the best way to learn about something new).


All flavours of Linux will include procmail, which is a mail sorting
program that will do what others have suggested. I am currently using it
for my home network to scan all emails coming in. It now searches for
known_virus (the ones that we have trapped, confirmed that it is a virus
and written a definitive "recipe" to catch any others). It also traps any
messages that contain attachments which we deem unacceptable. These
messages are quarantined until we determine that they are safe and then
can be released, but only I have the authority to release them. Later on,
when you get tired of all the spam that you get, you can use the same
program to easily filter 95% of the junk mail so it doesn't get to your
users.

The upside of all of this is that you can customize it to the exact way
you want it to operate. The challenge is that you will have to learn a lot
along the way.

My $.02

Good luck in whatever you choose
Dan

*********************************
* Registered Linux user: 244008 *       "Free speech is the right to yell
*                               *       'theater' in a crowded fire"
*   Powered by Slackware 8.0    *
*********************************
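
The attachment check described in the post above, sketched as an added example (it is not Dan's procmail recipe and not code from this thread): it parses a message's MIME parts and flags attachments whose final extension is on a blocklist. The extension list, function names and sample addresses are assumptions made for illustration.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the post does not name extensions.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".pif", ".scr", ".vbs"}


def blocked_attachments(raw_message: bytes) -> list:
    """Return attachment filenames whose final extension is on the blocklist."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        # get_filename() reads Content-Disposition filename=, then falls
        # back to the Content-Type name= parameter.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "x.exe." still runs.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension counts: "invoice.pdf.exe" is an .exe.
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def verdict(raw_message: bytes) -> str:
    return "quarantine" if blocked_attachments(raw_message) else "deliver"


def build_sample(filenames) -> bytes:
    """Constructed test message with one dummy attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fn in filenames:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    # Filter mode: message on stdin, exit 0 when it should be quarantined.
    sys.exit(0 if blocked_attachments(sys.stdin.buffer.read()) else 1)
```

Run as a script it reads one message on stdin and exits 0 when an attachment is blocked, so a procmail exit-code condition (`* ?`) could call it; that wiring is an assumption, not something the post shows.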

