renattach is a stream filter that can identify and act upon potentially dangerous e-mail attachments. It's a highly effective way of protecting users from harmful mail content (viruses and worms) by disabling or removing attachments that may be accidentally executed by the user. It is written in pure C and can quickly process mail with little overhead. Unlike a conventional virus scanner, there are no specific virus or worm definitions. Instead, it identifies potentially dangerous attachments based on filename extension and on encoded body content. It can be used from within sendmail, postfix, procmail, or pretty much anywhere else.
| Tags | Communications Email Filters Security |
|---|---|
| Licenses | GPL |
| Implementation | C |
Recent releases


Changes: The --loop option was added, which removes Delivered-To headers from the input message. This defends Postfix against a "mail forwarding loop" spam relay trick which could be used when renattach is installed as an smtpd-side content filter.


Changes: A MIME parser bug where some headers were incorrectly sanitized was fixed. Support for using "#" to suppress new_extension was added. The build scripts were fixed to handle getopt properly, so the FreeBSD port now builds without modification. Note that the software has been discontinued, so sites using renattach should switch to a different security system.


Changes: The potentially insecure --pipe feature has been rewritten to eliminate shell interpretation/escape risks. The RFC 2047 decoder has been improved and a base64 decoding bug has been fixed, improving support for non-ASCII filenames. Several improvements were made to help with non-Unix builds and eliminate compiler warnings.


Changes: An option to search inside zip attachments for malicious files has been added. Security for launching external pipes has been enhanced. This release supports Outlook-style multi-line encoded filenames.


Changes: This release changes the exitcodes to more sensible values and adds new .conf options to allow more flexibility in altering the Subject field.
Recent comments

Security fixes in renattach 1.2.1e
Please see this notice, as sent out on the renattach mailing list:
http://www.pc-tools.net/unix/renattach/2004-10-03.txt
renattach RPM package
I've built an RPM package for renattach, which is already available on the Red Hat contrib tree:
http://rpmfind.net/linux/RPM/contrib/libc6/i386/renattach-1.2.0rc2-1.i386.html
Regards.
1.2.0rc2 corrects all known issues to date
I would like to announce 1.2.0rc2. All known bugs have been fixed. No new features are planned for 1.2.0. Thanks to all who submitted live worms/viruses; filter operation has been verified against all available live viruses (over 400 in my corpus).
Version 1.2.0 is a complete rewrite, incorporating many of the suggestions I have received over the years that were not possible to implement in version 1.1.x. Most notably, renattach now parses and interprets all MIME attachments (with any filename encoding) and then rewrites the headers fresh to guarantee a specific format. This means that it provides substantially more protection than a filter that just searches for filenames.
Re: Renattach - encoded filenames
> I am German-speaking, and we use
> 'Umlauts' as normal part of our
> language, which means that the letters
> ä ö ü, . . .
> So if my users attach a file called
> 'Fassadenänderung.dwg', it annoys
> them if it arrives as 'filename'. What
> can be done about this, keeping in mind
> there are a lot of languages each with
> non-ASCII letters in them?
In the current version, after running "./configure", edit the resulting "defs.h" and comment out the line that says #define CATCH_CODED.
The next version will recognize ISO-8859 encoded filenames; this will cover all Western European languages so you shouldn't see this stock renaming behaviour unless it's another, unrecognized character set.
Renattach - encoded filenames
I am German-speaking, and we use 'Umlauts' as a normal part of our language, which means that the letters ä ö ü, and in French-speaking parts of Switzerland also éàè, can be part of a normal filename. So if my users attach a file called 'Fassadenänderung.dwg', it annoys them if it arrives as 'filename'. What can be done about this, keeping in mind there are a lot of languages each with non-ASCII letters in them?
Thanks,
Christian