Re: [Exim] Snow White virus

Top Page
Delete this message
Reply to this message
Author: Tabor J. Wells
Date:  
To: Steven A. Reisman
CC: exim-users
Subject: Re: [Exim] Snow White virus
On Fri, Dec 29, 2000 at 08:29:16PM -0600,
Steven A. Reisman <sar@???> is thought to have said:

> On Fri, Dec 29, 2000 at 06:42:02PM -0500, Dave C. wrote:
>
> > However, checking for the from header something like as follows would
> > throw them away. (This might not be 100% syntactically correct since
> > I'm writing this in a hurry, but the idea is the same)
>
> >  if $h_from contains "hahaha@???" then
> >    seen finish
> >  endif

>
> > > and just block it, is this the best solution?
>
> > > Thanks for your time
>
>
> I use sender_reject_recipients:
>
>     sender_reject_recipients = "lsearch;/etc/exim/sender_reject"

>
> and put hahaha@??? in /etc/exim/sender_reject


Doesn't work (as I discovered the other day). The sender on this virus is
<> not hahaha@???. That's just the contents of the From: header.

The above code is the correct way to deal with this. Or you can use the
generic windows executable content filter and re-arranges the part that
drops null sender messages out of the filter befire the other checks.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality