[Dshield] Delayed Attachment Delivery?

Jon R. Kibler Jon.Kibler at aset.com
Sat Feb 28 18:12:29 GMT 2004


Lewis Wolfgang wrote:
> 
> Hi Folks,
> <SNIP!>
> It would seem that if certain executable attachments could
> be delayed for a few hours before delivery we'd have some
> breathing room to allow the virus signatures time to
> settle in.  Known dangerous filetypes (and double-extent
> filenames) could be thrown away right away.  Zipped
> executables would be the candidates for delayed delivery.
> 
> Does anyone have any thoughts or recommendations?
> <SNIP!>

If you use sendmail and MIMEDefang, this would be rather simple
to accomplish. First, you could quarantine all dangerous 
attachments and replace them with a URL link to the quarantine
directory (a one line command in mimedefang-filter), then use
sendmail's queue rules to place them in a delayed delivery
queue that required an item to be in the queue x hours before
delivery was attempted.

I could see this creating all sorts of political problems,
especially the delivery delay. We already do the replacement
of dangerous attachments with URL and never had heard a single
objection about it.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list