Well..., I am using Q-mail and AMAVIS mail parser in conjunction with H+BEDV
AV software ( in fact AMAVIS can work with any of AV software for Linux). It
scans every attachment in incoming mail, including dearchiving and if the
attachment has a virus it stops the delivery, sends warning to sender,
receiver and postmaster and saves the mail in a directory with chown and
chmod it, because the attachment could be of some importance for our company
and if so, our techies clean the attachment up and it can be safely viewed
or executed by the receiver.
For me it works just fine.
Emil Tchomonev
Senior IT manager
Alexandra Group
1000 Sofia, Bulgaria
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, May 05, 2000 2:34 AM
Subject: RE: Re: Removing attachments from email
> Some enterprise email systems, such as HP OpenMail, have "type
> coersion" capabilities which can look at file contents and then force
> files to be handled as belonging to a specific type.
>
> For example, we use OpenMail to coerce all files with a DOS/Windows
> executable signature (first two bytes are "MZ") to be treated as EXE
> files ... which we summarily discard and replace with a warning message.
>
> So your method wouldn't work to smuggle an EXE in to *our* network.
> 'Course, if you're really determined you can just pack it up in some
> obscure format ... say by binhexing it, then bzipping it...
>
> > Well, if yer scanning for exe files, and I have an account
> > there, can't I just rename the exe to say something.xex, come in
> after, open
> > and save the attachment, then rename it with the exe extention?
> Point
> > being, merely scanning for exe files does not really prevent there
> being
> > sent in, just eliminates those from the general populace.
> >
> > Thanks,
> >
> > Ron DuFresne
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
