Protector checks incoming e-mail messages for attachments that could contain viruses, worms etc - and replaces the offending attachments with standard warning messages before being passed to "procmail" for local delivery. The original "dangerous" attachment is saved in a directory that only the root user can access.
Protector is NOT a virus scanner in the traditional sense: It does NOT scan attachments for virus signatures, but blocks attachments that could contain viruses. So *.exe, *.vba etc attachments don't get through. This means that you don't have to keep protector up to date to stay protected against the growing tide of new viruses and worms.
Protector does not work by blocking listed types, but by blocking ALL BUT the listed types. For details of the attachment types "allowed through", please refer to the web site.
The logic employed by protector to determine the file types contained in attachments is based on a modified version of the "file" command, and a number of type-specific validation programs - it does not rely on the actual name of the file, or the "content-type" declared in the attachment header. It also looks inside ZIP, TAR and other archive formats, and checks the files contained in them.
Some types of files are allowed through only under certain conditions. The main example being that MS Word documents are blocked if they contain ANY macros, but allowed through otherwise.