#1
  1. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2003
    Location
    Washington, D.C.
    Posts
    722
    Rep Power
    29

    Sendmail & How to reject mail with executable attachments


    Hello-
    Recently I've been getting a lot of mail with attatchments "test.scr" and "appl.exe", a few of which have been identified as viruses. I'm wondering if there is any way to tell sendmail to reject any email containing an executable attatchment.

    The following was returned from another machine, as my outlook has apparently delivered to my address book.

    -->

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    adam@thewatchdesk.com
    This message has been rejected because it has
    a potentially executable attachment "test.scr"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <jbruns@webdevsol.com>
    Received: from [24.53.186.180] (helo=webdevsol.com)
    by fhh.firehousehosting.com with esmtp (Exim 4.24)
    id 1AlU4p-0004PI-BQ
    for adam@thewatchdesk.com; Tue, 27 Jan 2004 09:20:27 -0500
    From: jbruns@webdevsol.com
    To: adam@thewatchdesk.com
    Subject: Error
    Date: Tue, 27 Jan 2004 09:18:59 -0500
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_70F4F082.659BE0AC"
    X-Priority: 3
    X-MSMail-Priority: Normal
    Message-Id: <E1AlU4p-0004PI-BQ@fhh.firehousehosting.com>

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0006_70F4F082.659BE0AC
    Content-Type: text/plain;
    charset="Windows-1252"
    Content-Transfer-Encoding: 7bit

    The message contains Unicode characters and has been sent as a binary attachment.


    ------=_NextPart_000_0006_70F4F082.659BE0AC
    Content-Type: application/octet-stream;
    name="test.scr"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment;
    filename="test.scr"

    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUA
    AEwBAwAAAAAAAAAAAAAAAADgAA8BCwEHAABQAAAAEAAAAGAAAGC+AAAAcAAAAMAAAAAASgAAEAAA
    AAIAAAQAAAAAAAAABAAAAAAAAAAA0AAAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQ
    AAAAAAAAAAAAAADowQAAMAEAAADAAADoAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  2. #2
  3. Full Access
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jun 2000
    Location
    London, UK
    Posts
    2,019
    Rep Power
    17
    I've no idea how to do it with sendmail, but it's trivial to do with qmail:
    http://www.qmail.org/qmail-smtpd-viruscan-1.3.patch
    Alex
    (http://www.alex-greg.com)
  4. #3
  5. Big Daddy
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Sep 2003
    Location
    Boston
    Posts
    1,473
    Rep Power
    36
    Look into procmail for mail filtering.

    Chris
    Pop, pop, fizz, fizz, oh what a relief it is!
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    9
    Rep Power
    0

    A cure


    I've installed the E-mail Sanitizer. It's an easy setup and the attachments are completely user configurable. Also, you can do a bit of AV filtering if you like.

    The program can be found on

    http://www.impsec.org/email-tools/pr...-security.html

    It runs through an easy and basic procmail system.

IMN logo majestic logo threadwatch logo seochat tools logo