renattach is a stream filter that can identify and act upon potentially dangerous e-mail attachments. It's a highly effective way of protecting users from harmful mail content (virii and worms) by disabling or removing attachments that may be accidentally executed by the user. It is written in pure C and can quickly process mail with little overhead. Unlike a conventional virus scanner, there are no specific virus or worm definitions. Instead, it identifies potentially dangerous attachments based on filename extension and on encoded body content. It can be used from within sendmail, postfix, procmail, or pretty much anywhere else.
|Tags||Communications Email Filters Security|
Release Notes: The --loop option was added, which removes Delivered-To headers from the input message. This defends Postfix against a "mail forwarding loop" spam relay trick which could be used when renattach is installed as an smtpd-side content filter.
Release Notes: A MIME parser bug where some headers were incorrectly sanitized was fixed. Support for using "#" to suppress new_extension was added. The build scripts were fixed to handle getopt properly, so the FreeBSD port now builds without modification. Note that the software has been discontinued, so sites using renattach should switch to a different security system.
Release Notes: The potentially insecure --pipe feature has been rewritten to eliminate shell interpretation/escape risks. The RFC 2047 decoder has been improved and a base64 decoding bug has been fixed, improving support for non-ASCII filenames. Several improvements were made to help with non-Unix builds and eliminate compiler warnings.
Release Notes: An option to search inside zip attachments for malicious files has been added. Security for launching external pipes has been enhanced. This release supports Outlook-style multi-line encoded filenames.
Release Notes: This release changes the exitcodes to more sensible values and adds new .conf options to allow more flexibility in altering the Subject field.