Yes, there are content scanning engines which can do this. They are usually based on ICAP or Checkpoints CVP. McAfee and TrendMicro supply such software. But it remains to be seen whether these interoperate with your MTA.
 
And correct me if I'm wrong, but isn't ClamAV able to recursively scan URL's contained within e-mails?
 
-Sietse


From: John D. Hardin
Sent: Mon 11-Sep-06 18:15
To: David Baron
Cc: [email protected]
Subject: Re: postcard exploit email

On Mon, 11 Sep 2006, David Baron wrote:

> On Monday 11 September 2006 18:12, John D. Hardin wrote:
> > Maybe we need a base rule for URL links directly to executable
> > content...
> >
> > <a
> > href="">http://www.e-cards.com/view/
> >CR3090Ztyw5g527673XzW</a>
>
> Any virus checkers pick this up?

Probably not, as you'd have to visit the link to get something for the
virus checker to check. On the server side, it'd have to follow the
like to download the executable to scan, and I *really* doubt anyone
would want their mail gateway to be doing *that*.

This is more a security policy issue - "I don't want to accept email
with links directly to executable content". Hence an SA rule.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 A weapons registration phase ... 4) allows for a degree of control
 to be exercised during the collection phase; 5) assists in the
 planning of the collection phase; ...
                      -- the UN, who "doesn't want to confiscate guns"
-----------------------------------------------------------------------
 6 days until The 219th anniversary of the signing of the U.S. Constitution

Reply via email to