Projects / renattach

renattach

renattach is a stream filter that can identify and act upon potentially dangerous e-mail attachments. It's a highly effective way of protecting users from harmful mail content (virii and worms) by disabling or removing attachments that may be accidentally executed by the user. It is written in pure C and can quickly process mail with little overhead. Unlike a conventional virus scanner, there are no specific virus or worm definitions. Instead, it identifies potentially dangerous attachments based on filename extension and on encoded body content. It can be used from within sendmail, postfix, procmail, or pretty much anywhere else.

Tags
Licenses
Implementation

Recent releases

  •  25 Oct 2006 14:00

    Release Notes: The --loop option was added, which removes Delivered-To headers from the input message. This defends Postfix against a "mail forwarding loop" spam relay trick which could be used when renattach is installed as an smtpd-side content filter.

    •  20 Mar 2006 18:37

      Release Notes: A MIME parser bug where some headers were incorrectly sanitized was fixed. Support for using "#" to suppress new_extension was added. The build scripts were fixed to handle getopt properly, so the FreeBSD port now builds without modification. Note that the software has been discontinued, so sites using renattach should switch to a different security system.

      •  10 Oct 2004 07:24

        Release Notes: The potentially insecure --pipe feature has been rewritten to eliminate shell interpretation/escape risks. The RFC 2047 decoder has been improved and a base64 decoding bug has been fixed, improving support for non-ASCII filenames. Several improvements were made to help with non-Unix builds and eliminate compiler warnings.

        •  22 Apr 2004 17:52

          Release Notes: An option to search inside zip attachments for malicious files has been added. Security for launching external pipes has been enhanced. This release supports Outlook-style multi-line encoded filenames.

          •  19 Dec 2003 04:01

            Release Notes: This release changes the exitcodes to more sensible values and adds new .conf options to allow more flexibility in altering the Subject field.

            Recent comments

            03 Oct 2004 11:04 jberkes

            Security fixes in renattach 1.2.1e
            Please see this notice, as sent out on the renattach mailing list:

            http://www.pc-tools.net/unix/renattach/2004-10-03.txt (http://www.pc-tools.net/unix/renattach/2004-10-03.txt)

            06 Dec 2003 13:54 nospammer

            renattach RPM package
            I've built a RPM package for renattach , which is already available on the Redhat contrib tree:

            http://rpmfind.net/linux/RPM/contrib/libc6/i386/renattach-1.2.0rc2-1.i386.html

            Regards.

            12 Nov 2003 09:21 jberkes

            1.2.0rc2 corrects all known issues to date
            I would like to announce 1.2.0rc2. All known bugs have been fixed. No new features are planned for 1.2.0. Thanks to all who submitted live worms/viruses; filter operation has been verified against all available live viruses (over 400 in my corpus).

            Version 1.2.0 is a complete rewrite, incorporating many of the suggestions I have received over the years that were not possible to implement in version 1.1.x. Most notably, renattach now parses and interprets all MIME attachments (with any filename encoding) and then rewrites the headers fresh to guarantee a specific format. This means that it provides substantially more protection than a filter that just searches for filenames.

            27 Aug 2003 19:32 jberkes

            Re: Renattach - encoded filenames

            > I am german-speaking, and we use
            > 'Umlauts' as normal part of our
            > language, which means that the letters
            > ä ö ü, . . .
            > So if my users attach a file called
            > 'Fassadenänderung.dwg', it annoys
            > them if it arrives as 'filename'. What
            > can be done about this, keeping in mind
            > there are a lot of languages each with
            > non-ASCII letters in them?


            In the current version, after running "./configure" edit the resulting "defs.h" and comment out the line that says #define CATCH_CODED


            The next version will recognize ISO-8859 encoded filenames; this will cover all Western European languages so you shouldn't see this stock renaming behaviour unless it's another, unrecognized character set.

            17 Aug 2003 01:49 gnasch

            Renattach - encoded filenames
            I am german-speaking, and we use 'Umlauts' as normal part of our language, which means that the letters ä ö ü, and in french speaking parts of switzerland also éàè can be part of a normal filename. So if my users attach a file called 'Fassadenänderung.dwg', it annoys them if it arrives as 'filename'. What can be done about this, keeping in mind there are a lot of languages each with non-ASCII letters in them?

            Thanks,
            Christian

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.