PC-Tools.Net - Quality Coding

unix: renattach

renattach 1.2.4 - Filter that renames/deletes dangerous email attachments

Language: C with POSIX function calls

License: GNU GPL

Download source: renattach-1.2.4.tar.gz [110 K]
  FreeBSD and other ports below, in Resources
MD5 signature: renattach-1.2.4.tar.gz.md5
GPG signature: renattach-1.2.4.tar.gz.asc
Software manual: PDF format (from version 1.2.3)

Changes in 1.2.4


The author recommends that you do not depend upon renattach to filter emails for dangerous content. As of 2006, renattach used on its own is not enough to filter potentially harmful emails. Dangerous attachments, or other attacks, may pass through the filter undetected. Please switch from renattach to some other actively developed security system. [2006-03-19]

New --loop option removes Delivered-To headers from the input message. This defends Postfix against a "mail forwarding loop" spam relay trick


renattach is a fast and efficient UNIX stream filter that can rename or delete potentially dangerous e-mail attachments. The filter is invoked as a simple pipe for use in a wide variety of systems. The 'kill' feature (which eliminates entire messages) can also help sites deal with resource strains caused by modern virus floods.

renattach is written in pure C and can quickly process mail with little overhead. Unlike a conventional virus scanner, there are no specific virus or worm definitions. Instead, renattach identifies potentially dangerous attachments based on file extension and executable encoded body content. The software is even capable of reading filenames from inside ZIP archives on the fly, without requiring any external software. The self-contained MIME code parses, fully interprets, then rewrites the header of every attached file. During this process it checks the file's extension against a list, and further checks to make sure the filename is not on a banned list. Only after passing through these steps is the MIME header written fresh using a predetermined, known format.

The program's operation is simple: a single mail message is read from stdin, filtered, then written to stdout (or piped to an external command).

Tested under Linux, FreeBSD, NetBSD, Solaris, Mac OS X, OS/2, and Cygwin. This software should compile on any UNIX-like system that has standard C libraries.