TWiki Home TWiki . Protector . AnnounceVersion1009 ( vs. r1.1) TWiki webs:
Know?| Main | Protector | TWiki |
Protector . { Home | Changes | Index | Search | Go }
 <<O>>  Difference Topic AnnounceVersion1009 (r1.1 - 09 Mar 2003 - ChrisLowth)
Added:
>
>

%META:TOPICINFO{author="chris.lowth" date="1047245865" format="1.0" version="1.1"}%

Protector 1.00.9 Annnouncement - March 9, 2003

Update 9 of protector 1.00 has been released for RedHat GNU-Linux versions 6.0, 6.1, 6.2, 7.0, 7.1, 7.2, 7.3 and 8.0 systems, and as an "beta" testing release for Sun Solaris.

This update of the protector software includes the following changes.

  • Switched to "file" version 3.41 - in order to include the buffer-overflow fix in that software.
  • Improves the classifying of ELF binaries.
  • Binary (base64 encoded) attachments that declare themselves as "text" types are now trapped.

For information and download, visit: http://protector.sourceforge.net/

Protector checks incoming e-mail messages for attachments that could contain viruses, worms etc - and replaces the offending attachments with standard warning messages before being passed to "procmail" for local delivery. The original "dangerous" attachment is saved in a directory that only the root user can access.

Protector is NOT a virus scanner in the traditional sense: It does NOT scan attachments for virus signatures, but blocks attachments that could contain viruses. So *.exe, *.vba etc attachments don't get through. This means that you don't have to keep protector up to date to stay protected against the growing tide of new viruses and worms.

Protector does not work by blocking listed types, but by blocking ALL BUT the listed types. For details of the attachment types "allowed through", please refer to the web site.

The logic employed by protector to determine the file types contained in attachments is based on a modified version of the "file" command, and a number of type-specific validation programs - it does not rely on the actual name of the file, or the "content-type" declared in the attachment header. It also looks inside ZIP, TAR and other archive formats, and checks the files contained in them.

Some types of files are allowed through only under certain conditions. The main example being that MS Word documents are blocked if they contain ANY macros, but allowed through otherwise.

It isn't perfect yet, but it's a start. Assistance in developing the checking logic for new file types is invited.

Chris


Topic AnnounceVersion1009 . { View | Diffs | r1.1 | More }
Revision -
Revision r1.1 - 09 Mar 2003 - 21:37 GMT - ChrisLowth 		Copyright © 2001 by the contributing authors. All material on this collaboration tool is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback.