Implement OLE Filter on Debian 8 / Postfix (Mraptor Milter)

Author: righter2

To avoid these stupid OLE viruses in Office documents, there is an OLE scanner which you can hook into your Postfix:
http://www.decalage.info/en/python/oletools

First you need some packages from apt:

apt-get install python-milter python-daemonize

Then you need to install the OLE tools:

pip install -U https://github.com/decalage2/oletools/archive/master.zip
chmod +x /usr/local/lib/python2.7/dist-packages/oletools/mraptor_milter.py
/usr/local/lib/python2.7/dist-packages/oletools/mraptor_milter.py

Paste this into /etc/crontab to autostart at reboot (or do a better systemd init script, whatever...):

# Autostart
@reboot root /usr/local/lib/python2.7/dist-packages/oletools/mraptor_milter.py

This will not block the mails but will filter out the virus-infected documents.

2 Responses to Implement OLE Filter on Debian 8 / Postfix (Mraptor Milter)

  1. If you want to illustrate how to implement Mraptor Milter on postfix, you should tell the whole story: how do you convince postfix to call mraptor_milter.py at all?

    Since mraptor_milter.py listens on Port 25252, you need to add the following configuration directives in /etc/postfix/main.cf:
    milter_default_action = accept
    smtpd_milters = inet:localhost:25252

    But beware! As I see it, mraptor_milter.py is, as delivered from github, absolutely unusable for a professional service. The worst bug (beyond many) you find in the unconfigurable directives

    348 except Exception:
    [..]
    351 result = Milter.DISCARD

    Whenever an error occurs while a message is processed, be it an unreadable file, be it some mail text the program doesn't understand for whatever reason, yes, even if it's a programming error in the program itself – the message will be discarded. Neither sender nor recipient will ever learn what had happened to their mail.

    The use of mraptor_milter.py as is, without massively rewriting the code, is absolutely not recommendable. It is a nice piece of code, indeed – but in my opinion absolutely unusable out of the box.
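
The filtering the post describes (replace the flagged document, deliver the rest of the mail) and the error path the comment above discusses can be compared in the following added example, which is not code from oletools, the post or the comment. The names toy_scan, filter_message and sample_message are hypothetical, the verdict strings stand in for pymilter's Milter.ACCEPT and Milter.TEMPFAIL, and toy_scan is a constructed placeholder, not MacroRaptor's real analysis.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Stand-ins for pymilter's Milter.ACCEPT / Milter.TEMPFAIL, so this runs without pymilter.
ACCEPT, TEMPFAIL = "ACCEPT", "TEMPFAIL"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file signature

def toy_scan(filename, data):
    """Hypothetical stand-in for the macro check: OLE file that mentions AutoOpen."""
    return data.startswith(OLE_MAGIC) and b"AutoOpen" in data

def filter_message(raw, scan=toy_scan):
    """Return (verdict, message bytes); flagged attachments become a text notice."""
    try:
        msg = message_from_bytes(raw, policy=policy.default)
        for part in msg.walk():
            name = part.get_filename()
            if part.is_multipart() or not name:
                continue  # containers and the inline body are not scanned
            if scan(name, part.get_payload(decode=True) or b""):
                # set_content() clears the old payload and Content-* headers first
                part.set_content("Attachment %r removed: suspicious macro.\n" % name,
                                 disposition="attachment", filename=name + ".txt")
        return ACCEPT, msg.as_bytes()
    except Exception:
        # Parser or scanner failure: answer with a temporary failure so the sending
        # MTA queues and retries, instead of DISCARD, which drops the mail silently.
        return TEMPFAIL, raw

def sample_message():
    """Constructed sample: one macro-like OLE attachment and one harmless text file."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "test"
    msg.set_content("See attachments.")
    msg.add_attachment(OLE_MAGIC + b"...Sub AutoOpen()...", maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    verdict, out = filter_message(sample_message())
    print(verdict)
    print(out.decode("ascii", "replace"))
```

With TEMPFAIL the sender's server keeps the message in its queue, so a scanner crash shows up as deferred mail in the logs on both sides rather than as mail that vanished.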
