Re: [Exim] Snow White virus

Author: Dave C.
Date:  
To: Mitchell
CC: exim-users
Subject: Re: [Exim] Snow White virus


On Fri, 29 Dec 2000, Mitchell wrote:

>
> Hi, a lot of our users have been receiving emails containing what's
> labeled "The Snowwhite Virus".


Actually, it's the Hybris virus.. Or the W95.MTX...

>
> Is there any way I can put filters in place using exim so that these
> messages are automatically trashed without getting delivered?
>
> They are all coming from the same address so I *could* use a rbl rule


They won't be coming from the same IP address, as random Windows boxen
from all over will be trying to send it. It always comes with the same
EMAIL address in the From: header, (but the envelope-sender is <> -
this one is evil) but RBL only deals with IP addresses, not IP
addresses.

However, checking for the from header something like as follows would
throw them away. (This might not be 100% syntactically correct since
I'm writing this in a hurry, but the idea is the same)

# Discard messages whose From: header contains the address the virus always uses
if $h_from: contains "hahaha@???" then
  seen finish
endif

> and just block it, is this the best solution?
>
> Thanks for your time
>
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>


--