Re: [Exim] navidad

Author: Tabor J. Wells
Date:  
To: Cherubini Enrico
CC: exim-users
Subject: Re: [Exim] navidad
On Tue, Nov 14, 2000 at 09:13:43AM +0100,
Cherubini Enrico <kevin@???> is thought to have said:

> Hi,
> I'm using exim.filter to filter incoming email looking for viruses. As many
> of you know there is another virus around called navidad or something like
> this..I tried to update exim.filter but I understood only how to add new
> extensions. How can I change it to look in the file name too ?


The following works fine for me (adapted from the generic script -- which
should work as well since it blocks all exe files by default)

if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"navidad.exe\"|navidad.exe)[\\\\s;]"
then
  fail text "\tThis message has been rejected because it appears to\n\
             \tcontain the W32.Navidad worm. See:\n\
             \thttp://www.sarc.com/avcenter/venc/data/w32.navidad.html\n\
             \tfor details. Please contact postmaster@??? with\n\
             \tany questions."
  seen finish
endif



-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
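
An added example, not part of the original post: a small Python harness for checking what the pattern in the filter above matches before deploying it. It assumes the quoted string reduces to single-backslash PCRE escapes (\s, \w) after Exim's string processing, and that the lower-case "matches" test ignores letter case; the sample inputs and the names NAVIDAD, SAMPLES, check and scan are constructed for this illustration.

```python
import re

# Effective pattern once "\\\\s" has been reduced to \s and \" to ".
# The atomic groups (?>...) are written as (?:...) so this also runs on
# Python older than 3.11; for these sub-patterns the matches are the same.
# re.IGNORECASE models the case-independent lower-case "matches" (assumption).
NAVIDAD = re.compile(
    r'(?:Content-(?:Type:(?:\s*)[\w-]+/[\w-]+|Disposition:(?:\s*)attachment);'
    r'(?:\s*)(?:file)?name=|begin(?:\s+)[0-7]{3,4}(?:\s+))'
    r'("navidad.exe"|navidad.exe)[\s;]',
    re.IGNORECASE,
)

# Constructed body fragments, one per form the pattern is written to catch,
# plus negatives that should pass through the filter untouched.
SAMPLES = {
    "mime_type_name": 'Content-Type: application/octet-stream;\n'
                      '\tname="NAVIDAD.EXE"\n',
    "mime_disposition": 'Content-Disposition: attachment; '
                        'filename=navidad.exe\n',
    "uuencode_begin": 'begin 644 navidad.exe\n(encoded lines omitted)\nend\n',
    "other_exe": 'Content-Type: application/octet-stream; '
                 'name="setup.exe"\n',
    "mention_only": 'Did you see the navidad.exe warning on the list?\n',
    # The "." in the pattern is unescaped, so it matches any character.
    "unescaped_dot": 'Content-Disposition: attachment; '
                     'filename=navidad_exe;\n',
}


def check(body):
    """Return the attachment name the filter would reject on, or None."""
    m = NAVIDAD.search(body)
    return m.group(1).strip('"') if m else None


def scan(samples):
    """Map each sample label to the matched file name (None = delivered)."""
    return {label: check(text) for label, text in samples.items()}


if __name__ == "__main__":
    for label, hit in scan(SAMPLES).items():
        print(f"{label:18} {'REJECT ' + hit if hit else 'pass'}")
```
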