Re: [Exim] Generic VBS script detection

Góra strony
Delete this message
Reply to this message
Autor: Julian King
Data:  
Dla: exim-users
Temat: Re: [Exim] Generic VBS script detection
> I am not a filter expert :-(, and have not tested this, but how about
> something like this as a starting point:-
>
>   if ($message_body matches "^\\s+name=[A-Za-z0-9_-.]+.[vV][bB][sS]" or
>       $message_body matches "^begin \\d\\d\\d .+\\.[vV][bB][sS]")
>     ... then/action/endif


One additional test that we have been pondering in this office was
to test for a suspect mail agent, say M$ Outlook, although others like
Eudora should not be forgotten. Viruses are only likely to be coming
from a windows box, basically.
Half the office just wants to throw away all mail from M$ boxes, but
on sober reflection that might be politically untenable ;-)


>     Nigel.


Julian
--
Julian King
Computer Officer, University of Cambridge, Unix Support