[Esa-l]Re: Sanitizer question

Dustin Ankeny dustin at heritageind.com
Thu Jun 21 11:43:24 PDT 2001

Actually I have, I have a two prong approach to email It may be silly but
hey, it works. :)

Email is received by machine #1.  This is running amavis.  (amavis.com)
It is scanned for viruses and left on machine #1.

Machine #2 has procmail, fetchmail, sanitizer script as well as simple spam
filters.  It grabs the mail from Machine #1 via fetchmail and it does it's
thing with ripping out web bugs and the whole sanitizer script.  The users
then grab their mail from machine #2.

But the users SEND mail using machine #1 sendmail, which is using amavis to
scan everything that goes through sendmail.

Make sense?

The reasoning behind this, is that I can be a little more lax and not defang
exe, doc, xls but kill anything else that is remotely suspicious.  (it
caught the lovebug before the Amavis script updated itself with new virus

Dustin Ankeny

-----Original Message-----
From: esa-l-admin at spconnect.com [mailto:esa-l-admin at spconnect.com]On
Behalf Of John D. Hardin
Sent: Wednesday, June 20, 2001 10:40 PM
To: Alon Gingold
Cc: Email Security Announce list
Subject: [Esa-l]Re: Sanitizer question

On Thu, 21 Jun 2001, Alon Gingold wrote:

> I've been using your sanitizer for some time now, and I'm happy to
> say that it helped me a lot. It is catching incoming viruses every
> day.
> A few days ago we caught the Magistr virus. I'm not sure how yet
> (maybe someone downloaded and ran something directly). When the
> virus became active, it started sending itself out on mass emails.

Most likely via a webmail account.

> I would like to ask, if it's possible to activate the same
> security checks (currently run by the sanitizer on incoming
> emails) on OUTGOING emails ?

This is being asked more and more. Listies: has anybody already got
this set up and running?

 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.
                                  -- John McKay, _The Welfare State:
                                     No Mercy for the Middle Class_
   1231 days until the Presidential Election
E-mail Security Announce list mailing list
E-mail Security Announce list at spconnect.com

More information about the esd-l mailing list