protector - 1.00.2 -- GPLed e-mail virus protection

protector - 1.00.2 -- GPLed e-mail virus protection

Post by Chris Lowt » Tue, 31 Jul 2001 01:35:57



Hi,

Update 2 of protector 1.00 has been released for RedHat 6.0, 6.1, 6.2, 7.0
and 7.1 systems.

This update of the protector software provides a new utility called "revive"
that can be used to revive rejected attachments removed from incoming mails,
and a note in the user guide document "GUIDE.html" describing how to use it.

        Version 1.01 is also now available as a development beta release, for
        testing and documentation. This reworked protector release handles MS office
        and other document formats more intellegently - including the checking of
        embedded objects - but it is currently still under development..

For information and download of bother versions, visit the protector web site:

        http://protector.sourceforge.net

Protector checks incoming e-mail messages for attachments that could
contain viruses, worms etc - and replaces the offending attachments with
standard warning messages before being passed to "procmail" for local
delivery. The original "dangerous" attachment is saved in a directory that
only the root user can access.

Protector is NOT a virus scanner in the traditional sense: It does NOT
scan attachments for virus signatures, but blocks attachments that could
contain viruses. So *.exe, *.vba etc attachments don't get through.
This means that you don't have to keep protector up to date to stay
protected against the growing tide of new viruses and worms.

Protector does not work by blocking listed types, but by blocking ALL BUT
the listed types. For details of the attachment types "allowed through",
please refer to the web site.

The logic employed by protector to determine the file types contained in
attachments is based on a modified version of the "file" command, and a
number of type-specific validation programs - it does not rely on the
actual name of the file, or the "content-type" declared in the attachment
header. It also looks inside ZIP, TAR and other archive formats, and
checks the files contained in them.

Some types of files are allowed through only under certain conditions. The
main example being that MS Word documents are blocked if they contain ANY
macros, but allowed through otherwise.

It isn't perfect yet, but it's a start. Assistance in developing the
checking logic for new file types is invited.

Chris.

##########################################################################

# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################