Re: [Exim] more on Navidad.exe

Top Page
Delete this message
Reply to this message
Author: Doug S
Date:  
To: Exim Users
Subject: Re: [Exim] more on Navidad.exe
Thus spake Steve Platt <svp@???>:
>By the way, I should have mentioned something else about the Navidad.exe that
>got past our system_filter (because message_body_visible was too small).
>


We had that happen once recently, too.

I'm freezing questionable files (rather than bouncing them - politics),
although in general I'm letting .exe files through - ie I took exe out
of the system filter (by the way, it's WONDERFUL! we stopped over 50
discreet virus copies in two months).

I had to code a special rule to catch navidad.exe, but because of my
relative ignorance of how to write the regular expression right, I
couldn't quite get a "generic rule". Suppose I want to watch for

anti_cih.exe
avp_updates.exe
happy99.exe
navidad.exe
siecho-no-ie.exe
zipped_files.exe

(which all belong to known viruses) and let other .exe files through -
yet relatively painlessly add another .exe to the list when we have to
watch for one ?

Thanks in advance, Doug
--
Doug S. (doug@???) (http://cc.ysu.edu/~doug/)

The shadow of a dog never bit anyone -- Kenneth Copeland
Stamp out html e-mails: http://www.geocities.com/CapitolHill/1236/nomime.html