Re: [Exim] the Klez virus

Author: dman
Date:  
To: Exim List
Subject: Re: [Exim] the Klez virus
--
On Fri, May 10, 2002 at 01:05:23PM +1000, Brown wrote:
| Hi all,
|
| I'm having a bit of trouble filtering emails infected by the Klez
| virus. I'm currently using system_filter.exim, which works well, but
| Klez seems to be able to get through. Does anyone have any
| suggestions?


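# Reject mail whose body carries the MIME markers used by Klez: an audio/x-wav
# or audio/x-mid part with a .pif/.scr/.exe file name, or an <iframe> element.
if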
    "$message_body $message_body_end"
        matches "Content-.*audio/x-wav.*\.(?:pif|exe)"
    or
    "$message_body $message_body_end"
        matches "Content-.*audio/x-mid.*\.(?:scr|exe)"
    or
    "$message_body $message_body_end"
        matches "<iframe.*</iframe>"
then
  fail "<<klez (sender: $sender_address) (From: $h_From:)>> \
         This message has been rejected because the body contains \n\
         text that appears to be MIME Content-Type: headers used by KLEZ.\n\
         If you intended to send the data then please gzip it and resend it."
  seen finish
endif


-D

--

Consider what God has done:
    Who can straighten what He has made crooked?
        Ecclesiastes 7:13


GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
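
An added example, not part of dman's message: the same three tests applied in Python to parsed MIME parts instead of the raw body text, so a plain-text mail that merely quotes such a header is not flagged. The function name and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Type -> extension pairs and the iframe pattern, both taken from the filter above.
SUSPECT = {"audio/x-wav": (".pif", ".exe"), "audio/x-mid": (".scr", ".exe")}
IFRAME = re.compile(r"<iframe.*</iframe>", re.I | re.S)

def klez_indicators(raw):
    """Return the reasons a raw RFC 822 message trips one of the three tests."""
    hits = []
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        # get_filename() falls back to the Content-Type name= parameter.
        name = (part.get_filename() or "").lower()
        if name.endswith(SUSPECT.get(ctype, ())):
            hits.append(f"{ctype} part named {name}")
        elif ctype == "text/html":
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            if IFRAME.search(html):
                hits.append("iframe in text/html part")
    return hits

# Constructed sample: attachment labelled as audio with an .exe name, plus an iframe.
FLAGGED = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<html><iframe src="x"></iframe></html>
--B
Content-Type: audio/x-wav; name="song.exe"
Content-Transfer-Encoding: base64

AAAA
--B--
"""

# Constructed sample: plain-text mail that only talks about such a header.
CLEAN = """\
From: a@example.com
Subject: constructed sample
Content-Type: text/plain

The virus mail had Content-Type: audio/x-wav; name="song.exe" in it,
and an <iframe src="x"></iframe> in the HTML part.
"""
```
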
