renattach is a mail filter that renames/deletes dangerous email attachments.
Version: 1.2.4renattach is a mail filter that renames/deletes dangerous email attachments.
Operating System: Linux
renattach is a fast and efficient UNIX stream filter that can rename or delete potentially dangerous e-mail attachments. The filter is invoked as a simple pipe for use in a wide variety of systems. The 'kill' feature (which eliminates entire messages) can also help sites deal with resource strains caused by modern virus floods.
renattach is written in pure C and can quickly process mail with little overhead. Unlike a conventional virus scanner, there are no specific virus or worm definitions. Instead, renattach identifies potentially dangerous attachments based on file extension and executable encoded body content.
The software is even capable of reading filenames from inside ZIP archives on the fly, without requiring any external software. The self-contained MIME code parses, fully interprets, then rewrites the header of every attached file.
During this process it checks the file's extension against a list, and further checks to make sure the filename is not on a banned list. Only after passing through these steps is the MIME header written fresh using a predetermined, known format.
The program's operation is simple: a single mail message is read from stdin, filtered, then written to stdout (or piped to an external command).
Tested under Linux, FreeBSD, NetBSD, Solaris, Mac OS X, OS/2, and Cygwin. This software should compile on any UNIX-like system that has standard C libraries.
What's New in This Release:
· The --loop option was added, which removes Delivered-To headers from the input message.
· This defends Postfix against a "mail forwarding loop" spam relay trick which could be used when renattach is installed as an smtpd-side content filter.