renattach 1.2.3, discontinued

Some of you might be familiar with my renattach software, which is a rather
fast pipe based scanner/filter for potentially dangerous email attachments.

First bit of news is that version 1.2.3 has been released. This has some
minor bug fixes - obtain from http://www.pc-tools.net/unix/renattach/

The second important note is that I am discontinuing renattach. It will no
longer be maintained, partly because I no longer have the time to dedicate
to it but also because I feel that this security software is no longer able
to effectively address current email based threats. The software has become
outdated and I am not able to bring it back up to date.

Also, the MIME scanner in the software is not advanced enough to deal with
more complex message formatting. I avoided using a MIME library both
because I wanted to avoid vulnerabilities in uncontrollable external
components, but also because I wanted renattach to look "past" MIME and not
be limited by what valid MIME structure dictates.

Anyway, here is the note within the documentation and on my web site:

WARNING: THIS SOFTWARE HAS BEEN DISCONTINUED. IT IS NO LONGER MAINTAINED.

The author recommends that you do not depend upon renattach to filter
emails for dangerous content. As of 2006, renattach used on its own is not
enough to filter potentially harmful emails. Dangerous attachments, or
other attacks, may pass through the filter undetected. Please switch from
renattach to some other actively developed security system.

Thanks for the help, feedback and contributions from the community
including comp.mail.misc people over the years.

--
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/

Re: renattach 1.2.3, discontinued

> WARNING: THIS SOFTWARE HAS BEEN DISCONTINUED. IT IS NO LONGER MAINTAINED.

Another note, there is a rather complete PDF manual for renattach (20 or so
pages) that previously only provided to people who paid for the software.
The manual was a support bonus.

I have now posted this manual on the software's page
http://www.pc-tools.net/unix/renattach/

If anyone wants to keep using the software or is trying to modify it, the
manual should help better understand the software structure and use. The
source code is still there too of course.

--
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/

Re: renattach 1.2.3, discontinued

Jem Berkes wrote:

> If anyone wants to keep using the software or is trying to modify it, the
> manual should help better understand the software structure and use. The
> source code is still there too of course.

Jem, what is the license? Would you consider releasing renattach under
the GPL or a BSD license so others can run with it?

Regards,

David.

Re: renattach 1.2.3, discontinued

> Jem, what is the license? Would you consider releasing renattach under
> the GPL or a BSD license so others can run with it?

I would... it is GNU GPL! Has been since version 1.00

If you're trying to modify renattach, beware the ad hoc MIME scanning. I
don't think what is currently coded can be adapted and improved upon, all
that MIME stuff would have to be redone.

The inline ZIP scanning (even of encrypted ZIP) works though.

--
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/

Re: renattach 1.2.3, discontinued

Jem Berkes wrote:
>> Jem, what is the license? Would you consider releasing renattach under
>> the GPL or a BSD license so others can run with it?
>
> I would... it is GNU GPL! Has been since version 1.00
>
> If you're trying to modify renattach, beware the ad hoc MIME scanning. I
> don't think what is currently coded can be adapted and improved upon, all
> that MIME stuff would have to be redone.
>
> The inline ZIP scanning (even of encrypted ZIP) works though.
>

I've never used it, but as a suggestion, make a sourceforge project out
of it and stay on as the project director, or delegate that role to
someone you trust. Anyone who wants to continue working on it could do
so that way and you would still be able to maintain oversight over how
it gets modified.

Garen