- Most malware can be recognized via
  - Telltale attachment file names and/or extensions
  - Active content in HTML mail
  - Malformed headers (buffer overflow exploits)
  - Attached documents bearing macros containing potentially destructive commands
- John Hardin's procmail sanitizer is currently best of breed (http://www.impsec.org/email-tools/procmail-security.html)
- Anomy (http://mailtools.anomy.net/) is another malware filter inspired by Hardin's work
- Filtering can also be done via Sendmail "Milter" filters
- Best solution: commercial virus checkers on clients in conjunction with a heuristic filter on the mail server
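An added illustration, not part of the slides and not code from Hardin's sanitizer or Anomy: a small Python heuristic that checks a raw RFC 822 message for the telltale signs listed above (oversized headers, risky attachment extensions including double extensions, macro-enabled document types as a stand-in for real macro inspection, and active content in HTML parts). The extension lists, the 998-character header threshold and both sample messages are constructed for the example.

```python
import email
import re
from email import policy
from pathlib import PurePosixPath

# Constructed lists for this example; a real filter keeps them as configurable policy.
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".hta", ".lnk"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}  # macro-enabled Office types stand in for "bears macros"
MAX_HEADER_LEN = 998  # RFC 5322 line limit; values far beyond it are the classic overflow tell
ACTIVE_HTML = re.compile(r"<\s*(script|object|embed|iframe|applet)\b|\son[a-z]+\s*=|javascript:", re.I)


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (category, detail) findings; an empty list means none of the telltale signs fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for name, value in msg.items():  # malformed/oversized headers
        if len(str(value)) > MAX_HEADER_LEN:
            findings.append(("header", f"{name} is {len(str(value))} chars"))
    for part in msg.walk():
        filename = part.get_filename()  # attachment name/extension, incl. double extensions (x.pdf.exe)
        if filename:
            ext = PurePosixPath(filename.lower()).suffix
            if ext in EXEC_EXTENSIONS:
                findings.append(("attachment", f"executable extension: {filename}"))
            elif ext in MACRO_EXTENSIONS:
                findings.append(("macro", f"macro-enabled document: {filename}"))
        if part.get_content_type() == "text/html":  # active content in HTML mail
            hit = ACTIVE_HTML.search(part.get_content())
            if hit:
                findings.append(("html", f"active content: {hit.group(0)!r}"))
    return findings


# Constructed sample message exhibiting three of the four signs (no real malware involved).
SUSPICIOUS = (b"From: sender@example.test\nTo: user@example.test\nSubject: Invoice\n"
              b"X-Mailer: " + b"A" * 1200 + b"\nMIME-Version: 1.0\n"
              b'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\n'
              b"Content-Type: text/html; charset=us-ascii\n\n"
              b'<html><body onload="x()">See attachment<script>run()</script></body></html>\n--b1\n'
              b'Content-Type: application/octet-stream; name="invoice.pdf.exe"\n'
              b'Content-Disposition: attachment; filename="invoice.pdf.exe"\n'
              b"Content-Transfer-Encoding: base64\n\nY29uc3RydWN0ZWQgc2FtcGxl\n--b1--\n")
CLEAN = b"From: a@example.test\nTo: b@example.test\nSubject: hi\n\nJust text.\n"

if __name__ == "__main__":
    for category, detail in scan_message(SUSPICIOUS):
        print(category, "->", detail)
```

A production filter would feed findings like these into a quarantine or header-tagging step (as the procmail and milter approaches above do) rather than deciding on its own; the client-side virus checker then covers what the heuristics miss.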