Renattach is a filtering software for emails that is designed to rename or remove hazardous attachments from emails.
The filter is invoked as a simple pipe, enabling it to be used in a wide variety of systems. With the 'kill' feature, which eliminates entire messages, sites can easily handle resource strains caused by virus floods. Plus, Renattach is written in pure C, ensuring that it can quickly process mail with little overhead.
Unlike conventional virus scanners, Renattach does not rely on specific virus or worm definitions. Instead, it identifies potentially dangerous attachments based on file extension and executable encoded body content. The software is even capable of reading filenames from inside ZIP archives on the fly, without requiring any external software.
The self-contained MIME code parses, fully interprets, and then rewrites the header of every attached file. During this process, it checks the file's extension against a list and ensures that the file is not on a banned list. Only after passing through these steps is the MIME header written fresh using a predetermined, known format.
Renattach operates simply by reading a single mail message from stdin, filtering it, and then writing it to stdout (or piping it to an external command). The software has been extensively tested under Linux, FreeBSD, NetBSD, Solaris, Mac OS X, OS/2, and Cygwin. It should be able to compile on any UNIX-like system equipped with standard C libraries.
The latest version comes with a new loop option which removes Delivered-To headers from the input message. This is particularly useful as it defends Postfix against a "mail forwarding loop" spam relay trick that could be used when Renattach is installed as an smtpd-side content filter.
Overall, Renattach is a must-have software for organizations looking to protect their systems against dangerous email attachments with ease. Its intuitive features, coupled with its ability to work on a wide range of systems, make it an invaluable tool for any IT team.
Version 1.2.4: N/A