Attachment in Archive - ORF Forums

The attachment filtering of ORF does not support scanning inside attached archives, but if you have a command line tool (e.g. anti-virus product) which supports scanning inside archives, you can achieve this by creating an External Agent:

Information on External Agents: http://blog.vamsoft.com/?p=113
Creating External Agent definitions: http://blog.vamsoft.com/?p=115
Testing: http://blog.vamsoft.com/?p=118

@Uwe Kortkamp: The External Agent test is performed on a temporary copy of the email (.eml file) which ORF creates in the path you specified under Configuration / Filtering - On Arrival / External Agents. Once the scan is finished and the agent has the result (i.e., the exit code returned by the command line executable), the file is deleted automatically.

Unfortunately, it is not possible to extract the attached files individually from the incoming emails, but usually that is not a problem, since the command line scanners (like NOD32) is capable of scanning inside archives (so it should find the virus (or any other files) in the .eml file, even if it is in the attached archive).

I assume it is possible to configure the command line scanner to return a hit on certain file types (or even better: MIME types) as well, so you could achieve your original goal (detect mp3 files inside archives attached to incoming emails). Unfortunately, I am not familiar with the capabilities of the NOD32 command line scanner, so I suggest consulting the documentation regarding this :)