the Anomy mail tools

This is the future home of the Anomy mail tools. Currently only the email sanitizer has been released, which is at revision 1.76.

People curios about what the rest of the Anomy tools are for, might be interested in the weird mailing list that inspired them.

The Anomy sanitizer

The Anomy sanitizer is what most people would call "an email virus scanner". That description is not totally accurate, but it does cover one of the more important jobs that the sanitizer can do for you - it can scan email attachments for viruses. Other things it can do:

• Disable potentially dangerous HTML code, such as javascript, within incoming email.
• Protect you from email-based break-in attempts which exploit bugs in common email programs (Outlook, Eudora, Pine, ...).
• Block or "mangle" attachments based on their file names. This way if you don't need to recieve e.g. visual basic scripts, then you don't have to worry about the security risk they imply (the ILOVEYOU virus was a visual basic program). This lets you protect yourself and your users from whole classes of attacks, instead of blocking individual exploits.

what makes this better than XYZ?

Since I began writing the Anomy Sanitizer (and a while before), quite a few programs have cropped up which aim to solve more-or-less the same problems as Anomy. I've looked at most of them, and in general they lack the following features:

• Anomy can (if properly configured) sanitize mail without ever touching your hard drive, and in general tries to minimize disk I/O and memory usage at the expense of increased CPU usage (more complex algorithms). Many, if not all, competing filters are more likely to either fill your disks or memory if someone sends you a very large message. On modern mail servers my approach is not only good for reliability, but it should be good for performance as well.
  
  
• Anomy uses it's own MIME parser which was specifically designed with a security filter in mind. The MIME standards contain a few ambiguities which may lead to one parser finding an attachment which some other parser might miss - if your virus filter misses an attachment, but the email client sees it then you are at risk of being infected. Problems like this have been discovered in commercial antivirus products as well as free ones and have led to infections on the networks they protect.
  
  

Of course, many of the alternatives have other features which may be more important to you, in which case I encourage you to use them. But these features are important to me.

downloads, etc.

• Download the most recent sanitizer, revision 1.76.
• Browse the distribution subdirectory for older releases and misc. tools (such as a HTMLCleaner-only tarball).
• Browse the manual.
• The CHANGELOG.
• See rough stats on freshmeat.

helping out, getting help

• The development of the Sanitizer is largely sponsored by Frisk Software International, makers of F-Prot Antivirus. Please consider doing business with them if you are in need of a virus scanner.

• Please report bugs (and/or solutions) to anomy-bugs@mailtools.anomy.net.

• Translators, users and potential developers should subscribe to the discussion list, anomy-list@mailtools.anomy.net by sending a message to anomy-list+request@mailtools.anomy.net with the word subscribe in the message body or subject line. Or just send us stuff.

• If the program proves useful to you and you haven't time to contribute code, documentation or bug reports - then please consider supporting the project with a cash donation. I'm doing this in my spare time, and all encouragement helps.

Please browse the archives for anomy-bugs and anomy-list before submitting new bug reports or questions to the lists.

If you just want to chat (or try asking questions), I can sometimes be found on IRCnet using the nickname Juggler. I'm usually happy to hear from users, but don't be offended if I'm too busy to reply or hold your hand.

links

Related information - other pages related to the Anomy Sanitizer.

• F-Prot AVES - Corporate users may also be interested in Frisk Software International's managed e-mail filtering service.
• Advosys Consulting: Fighting malware and spam with Postfix
• E-mail access via the web - discusses integrating Anomy with Postfix and Courier Maildrop

Sanitizing email - the following programs have similar goals to those of the Anomy sanitizer. Ideas have been and will be liberally borrowed from them whenever I feel it can improve my program.

• John D. Hardin's procmail security page explains many of the issues related to email security and provides most of the inspiration for the Anomy sanitizer.
• AMaViS allows incoming email to be scanned for viruses.
• Inflex can scan both incoming and outgoing email for viruses, and enforce basic filename and content type based restriction policies.
• MIMEDefang is a very similar tool to the Anomy sanitizer. It requires sendmail 8.12.x with the milter stuff enabled.
• Stripmime.pl is a perl program which strips HTML and binary sections from a message, and flattens all multipart sections into one text/plain part.
• Qmail-Scanner is a scanning tool for use with qmail.

Last modified: 03-01-2006