renattach 1.2.3, discontinued - Security

This is a discussion on renattach 1.2.3, discontinued - Security ; Some of you might be familiar with my renattach software, which is a rather fast pipe based scanner/filter for potentially dangerous email attachments. First bit of news is that version 1.2.3 has been released. This has some minor bug fixes ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: renattach 1.2.3, discontinued

  1. renattach 1.2.3, discontinued

    Some of you might be familiar with my renattach software, which is a rather
    fast pipe based scanner/filter for potentially dangerous email attachments.

    First bit of news is that version 1.2.3 has been released. This has some
    minor bug fixes - obtain from http://www.pc-tools.net/unix/renattach/

    The second important note is that I am discontinuing renattach. It will no
    longer be maintained, partly because I no longer have the time to dedicate
    to it but also because I feel that this security software is no longer able
    to effectively address current email based threats. The software has become
    outdated and I am not able to bring it back up to date.

    Also, the MIME scanner in the software is not advanced enough to deal with
    more complex message formatting. I avoided using a MIME library both
    because I wanted to avoid vulnerabilities in uncontrollable external
    components, but also because I wanted renattach to look "past" MIME and not
    be limited by what valid MIME structure dictates.

    Anyway, here is the note within the documentation and on my web site:

    WARNING: THIS SOFTWARE HAS BEEN DISCONTINUED. IT IS NO LONGER MAINTAINED.

    The author recommends that you do not depend upon renattach to filter
    emails for dangerous content. As of 2006, renattach used on its own is not
    enough to filter potentially harmful emails. Dangerous attachments, or
    other attacks, may pass through the filter undetected. Please switch from
    renattach to some other actively developed security system.

    Thanks for the help, feedback and contributions from the community
    including comp.mail.misc people over the years.

    --
    Jem Berkes
    Software design for Windows and Linux/Unix-like systems
    http://www.sysdesign.ca/

  2. Re: renattach 1.2.3, discontinued

    > WARNING: THIS SOFTWARE HAS BEEN DISCONTINUED. IT IS NO LONGER MAINTAINED.

    Another note, there is a rather complete PDF manual for renattach (20 or so
    pages) that previously only provided to people who paid for the software.
    The manual was a support bonus.

    I have now posted this manual on the software's page
    http://www.pc-tools.net/unix/renattach/

    If anyone wants to keep using the software or is trying to modify it, the
    manual should help better understand the software structure and use. The
    source code is still there too of course.

    --
    Jem Berkes
    Software design for Windows and Linux/Unix-like systems
    http://www.sysdesign.ca/

+ Reply to Thread