5224255 2000-06-24  00:03  /41 rader/ Postmaster
Mottagare: Bugtraq (import) <11407>
Ärende: Free mail scanning tool (was Re: NAI WebShield SMTP does not sca 
------------------------------------------------------------
             base64 encoding)
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
X-Accept-Language: en
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <3952B12A.D5C452EE@roaringpenguin.com>
Date:         Thu, 22 Jun 2000 20:36:58 -0400
Reply-To: dfs@ROARINGPENGUIN.COM
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: "David F. Skoll" <dfs@ROARINGPENGUIN.COM>
Organization: Roaring Penguin Software Inc.
To: BUGTRAQ@SECURITYFOCUS.COM

chris.paget@ANALYSYS.COM wrote:

> The actual viruses are being picked up.  The problem is that I wish to
> block ALL scriptable files, so that in the time between a virus
> outbreak and an updated DAT being released, my network is not at risk.

I have just released a free tool to do this, at
http://www.roaringpenguin.com/mimedefang/

It runs on UNIX/Linux and requires Sendmail.  However, if you are
using Exchange, you can put a Linux box as a "sentinel" in front of
the Exchange server to do the scanning, and then relay the mail to
Exchange.  If you run DNS on the sentinel box and are creative with
DNS MX records, you can even do this with no changes to your Exchange
box, and no apparent external changes.

MIME Defang is not exactly efficient -- a new Perl process for each
incoming message -- but for low-volume sites (< 8000 messages a day),
it's not too bad.

(I *think* my tool is fairly bullet-proof, but I'm sure BUGTRAQ
readers will point out any problems. :-))

--
David.
(5224255) ------------------------------------------(Ombruten)