SecuriTeam Blogs » Q: Outlook attachments

Q: Outlook attachments

April 23rd, 2008 by noam, Filed under: Ask the Expert, Commentary

Another one for you this week, we especially liked XenoMuta’s answer to our previous one.
Lets go:

Dear SecuriTeam,

i am not sure if you are able to help us to find a solution for a special problem but i’ve tried everything and spent a lot of time in the internet without any achievement.

we want to export the content of multiple exchange servers from our branch offices into personal folders (.pst files) and import these informations into our exchange mail system. the main problem why we are not yet able to do this is that we want to scan the content for viruses, worms (if possible with multiple virus scanners) and for unwanted content like videos, music, executables and so on and this in a way that a real content scan would be done instead of just checking against the file extension. also all attached archives (zip, rar etc.) should be opened (if possible) and scanned for its content. if an attachment is found which cannot be scanned because of password protection or encryption or whatever reason this attachment or the complete mail should be deleted or moved to a quarantine area.

Thank your very much for your support

Best regards
J. B.
Germany

Volker

Why don’t you move the user’s mailboxes directly from one MSX system to the other?

You’ll need AV on the client *and* within (!) the MSX system, anyway, thus content scanning cannot be the sole reason for that complicated procedure.

An AV/SPAM mail gateway between your MSX and the internet (the 3rd AV) is recommended, too.
http://xenomuta.tuxfamily.org/ XenoMuta

Dear Writer:

This is a complex, yet achievable task. With some effort and reading you can accomplish this, because the tools you need are free and a lot of documentation and How-Tos available.

Microsoft is not my specialty, but I hope my advice helps you and gives you some insight to start-off:

Basically you will set an scenario that’ll do the following:

1) Convert PST to Unix MBox files.
2) Fetch your mail from an intermediary mail server that’ll scan, clean and remove unwanted attachments.
3) Send each complete Mbox back to your new Exchange Server.

Here’s how:

- Install a Linux box (I would use debian because there’s a lot of support and pre-instalable packages for almost all we need)
- Install ol2mbox – http://sourceforge.net/projects/ol2mbox (converts Outlook’s PST to Unix MBox files)
- Install an MTA (sendmail, postfix , qmail, etc…)
- Install a POP3 server ( such as qpopper, courier pop3, etc… )
- Install fetchmail ( fetchs mail from/to servers to/from disk )
- Install MIMEdefang ( a tool that does about anything with attachments, from filtering certain file-types to removing certain context, altering them, etc…. )
- Install ClamAV ( an opensource Anti-Virus )

Don’t fear, google up, there are many walk-through that’ll guide you how to install and Linux Mail servers with MIMEDefang and ClamAV .

The fetchmail tool will do the rest by sending cleaned mboxes from the linux pop3 server itself to the new Exchange Server.

It is a complex set-up, but sounds harder than what it really is.

P.D.
I’m glad you guys liked my previous answer. Willing to help anytime I can.
http://www.vestweb.nl Brian

J.B.,

I agree with Volker, i dont know how big the mailboxes are but a pst file has a limitation of 2Gb.
if you just try a testmailbox with a mpeg and a virus file (something like eigar) you can test your new exchange mail system and save time.
http://xenomuta.tuxfamily.org XenoMuta

I don’t agree, because this would only be useful for virus detection, not for cleaning, because I think that anti virus software can detect a virus within a PST file and notify you of it, BUT It won’t be able to clean individual message infection without corrupting the PST file, You must remember that messages contained in a PST file are not individual files yet.

There is no out-of-the-box solution for this task.

Q: Outlook attachments

Categories

More Securiteam

New

Comments

Admin