Community

• click here to subscribe to the "announcements" mailing list - to be kept informed of new protector releases. This is a low traffic list, and typically will not send more than a couple of messages a month.

Downloads

• click here to download the current stable release version of the software (1.00.11)
• click here to download add-ons and upgrades to the 1.00.x versions contributed by others (includes language translations, etc).
• click here to download earlier (now retired) versions of the software.
• click here to download the "under development" version. This allows you to review the ideas currently in development, and even contribute to the project - but should probably not be used for production systems (yet).

Starting points

• Announcement of the release of version 1.00.11
• NewsItems - announcements and other news items.
• Testimonials - news from happy users.
• Documents - documentation about the protector software.
• F.A.Q. - Frequently asked questions (and answers)
• SupportedPlatforms - operating systems and e-mail servers that protector works with.
• ProposedFeatures - A list of up-and-coming developments. Vote for the feature you want to see added to the software - or add a new request to the list.
• WebIndex - list of all topics on this web site (includes hints, tips, docs, downloads, ideas, discussions)
• WebSearch - search for information by keyword, etc

If you wish to contribute to these pages or the software described in them, please e-mail your contribution (source code, note or idea) to the project: protector@lowth.com.

Overview

Protector is a free, open source (GPL), low maintenance e-mail virus blockade system, used mainly to protect MicroSoft windows e-mail client systems from attack, but useful for other client types as well.

Protector lives on e-mail servers that handle in-bound messages. It checks incoming e-mail for attachments that could contain viruses, worms etc - and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.

Protector is NOT a virus scanner in the traditional sense: It does NOT scan attachments for virus signatures, but blocks or edits attachments that could contain viruses. So *.exe, *.vba etc attachments don't get through. This means that you don't have to keep protector up to date to stay protected against the growing tide of new viruses and worms.

Protector does not work by blocking listed types, but by blocking ALL BUT a listed set of types.

The logic employed by protector to determine the file types contained in attachments is based on a modified version of the "file" command, and a number of type-specific validation programs - it does not rely on the actual name of the file, or the "content-type" declared in the attachment header. It also looks inside ZIP, TAR and other archive formats, and checks the files contained in them.

Some types of files are allowed through only under certain conditions. The main example being that MS Word documents are blocked if they contain ANY macros, but allowed through otherwise.

Protector grew out of a need to protect a small network that I manage in my spare time from the dangers of e-mail borne viruses and trojans. A number of installations exist round the world and feed back from users has allowed me to improve the system - in terms of reliability, performance, ease of use and the breadth of file types "allowed through". Development is still underway, and a new release will be available shortly that allows a far larger set of file types through, allows scripts to be removed from attachments (eg: JavaScript can be removed from HTML files), and is significantly easier to tailor.

Constructive critisism is warmly invited

Analysis of the Klez virus