Better Email Security with Procmail
Introduction

Peter Mills
Monday, July 19, 1999 02:56:04 PM

If you look after a network, and particularly if you look after a network
with Windows clients, you have probably been asked at least once in recent
months about e-mail borne security threats. Various viruses and trojans
have made news, most notably the Melissa virus, which caught the imagination
of the mass media after it caused problems for Microsoft and other large
corporates.

The sysadmin needs to be aware of possible infection threats from MS
Office macro viruses, "live" content in HTML, and malformed mail headers designed
to perform buffer overflow and/or stack-smashing exploits. What's worse,
users cheerfully swap executables of dubious pedigree. Often these appear
to be just joke programs. Sometimes they may be infected with viruses from
dirty systems; other times, there are quite deliberate trojans buried inside.
Some mailers can even be tricked into auto-executing attachments.

In short, all sorts of nasties get sent through the mail. They truly
fall on fertile ground when they reach an overworked end user with little
or no grasp of the consequences of accepting sweets from strangers. This
is where John Hardin's handy Procmail filters come in.

Procmail, for those who haven't
encountered it yet, is a mail delivery agent with powerful configurable
rule-based filtering and the ability to invoke arbitrary programs to carry
out more exotic forms of processing. The filters
in the set we're looking at are designed to sit on a mail server, and clean
things up, using Procmail to strip harmful live content out of messages,
"defanging" potential attacks.