Revisiting an old thread, virus scanning of attachments. The suggestion previously - see Virus Scanning of ticket attachments? - was to either do the scanning of emails before sending to rt-mailgate, or as a hook when submitting via the web UI.
I don’t see these as suitable solutions. Scanning the emails won’t work if they’re encrypted, and there is also the REST 2.0 API which by-passes both of those.
I think that RT::Attachment::Create would need to be modified to run the required checks, then only if they pass will the content be saved. If they fail then a suitable message would be stored instead.
Does that sound sensible?