derrick@??? said:
> What seems to be the 'final verdict', or best guess to deal with this?
My approach has been to throw in a subject based filter for now.
However I think that within days some script kids will do a warmed over
version with new subjects or more cleverly with changing subjects (ie
just pinch them out of messages in the in/outbox) and we'll have an
even more interesting problem, so as soon as the VBS filter discussion
settles I am going to take that and use it.
Current filter, as stolen from earlier messages is:-
# exim filter
# -----------
# Put this in your system filter - say
# /etc/exim/system_file.exim
#
if $h_subject begins "ILOVEYOU" and not error_message
then
fail text "you appear to have a virus on
your PC (see http://www.fsecure.com/v-descs/love.htm).\n
Check your system, or rephrase the subject"
endif
You need to call this filter from your config file, so add
message_filter = /etc/exim/system_filter.exim
Just to give you a giggle, one site that the exim list delivers to has
been bouncing mail this afternoon:-
From: postmaster@???
Subject: Network Associates Webshield - e-mail Content Alert
Network Associates WebShield SMTP V4.5 on eximc-3 intercepted a mail
from <exim-users-admin@???> which caused the Content Filter
Block ILOVEYOU virus to be triggered.
I think that false positives a little...
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
