Hi all, I have dome some research about this odd tnef files that outlook
generate. I cant eliminate this files like many people does, my clients
are using the "net folders" function on outlook to share contacts and
use RTF mail, and of course they want to see attachments sended by anyone.
At the same time I want this files checked against a file extension based
policy and scaned for viruses.
One interesting thing to note is that outlook doesnt look for a "winmail.dat"
file, the common name for a tnef attachment, it look for a content type
"application/ms-tnef", so blocking winmail.dat (like sanitizer does by default)
doesnt give you ANY aditional security. Any file can be a tnef attach with
the correct content-type, even a file like "thing.jpg"
The only way to stop/filter this attachments is looking at the content type,
one thing (AFAIK) sanitizer cant do at the moment (v1.68).
As a workaround solution I created a wrapper for clamav, it will check if the file is a
TNEF, extract the encapsulated files and check this against a file extension policy, then scan
+for viruses, if the file isnt a tnef is scanned directly for viruses.
If anyone is interested: http://www.alphasistemas.com/clamwrapper-01.sh.gz
Please tell me if anyone have a better way to do it, or if I am wrong with something.
Sorry for my bad english.