Chris Lowth's Home | Protector Home | Topic Index | Changes | Search

Protector 1.00.6 - Functional overview

Protector is a free, open source (GPL), low maintenance e-mail virus blockade system, used mainly to protect MicroSoft windows e-mail client systems from attack, but useful for other client types as well.

Protector lives on e-mail servers that handle in-bound messages. It checks incoming e-mail for attachments that could contain viruses, worms etc - and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.

Protector is NOT a virus scanner in the traditional sense: It does NOT scan attachments for virus signatures, but blocks or edits attachments that could contain viruses. So *.exe, *.vba etc attachments don't get through. This means that you don't have to keep protector up to date to stay protected against the growing tide of new viruses and worms.

Protector does not work by blocking listed types, but by blocking ALL BUT a listed set of types.

The logic employed by protector to determine the file types contained in attachments is based on a modified version of the "file" command, and a number of type-specific validation programs - it does not rely on the actual name of the file, or the "content-type" declared in the attachment header. It also looks inside ZIP, TAR and other archive formats, and checks the files contained in them.

Some types of files are allowed through only under certain conditions. The main example being that MS Word documents are blocked if they contain ANY macros, but allowed through otherwise.

Protector grew out of a need to protect a small network that I manage in my spare time from the dangers of e-mail borne viruses and trojans. A number of installations exist round the world and feed back from users has allowed me to improve the system - in terms of reliability, performance, ease of use and the breadth of file types "allowed through". Development is still underway, and a new release will be available shortly that allows a far larger set of file types through, allows scripts to be removed from attachments (eg: JavaScript can be removed from HTML files), and is significantly easier to tailor.

Constructive critisism is warmly invited


  All material on this page, and the "protector" software to which it relates is Copyright (C) 2002 by Chris Lowth. "Protector" is free, open source software, licensed according to the terms of the GNU Public License