Re: [Exim] bugbear worm]

Author: Robert Stanford
Date:
To: exim-users
Subject: Re: [Exim] bugbear worm]
On Tue, 2002-10-08 at 16:49, Todd Lattimer wrote:
> Hi all,
>
> I was wondering if anyone has set up a filter to catch the bugbear worm.
> I've tried installing the one below but it doesn't appear to be working.
> If anyone has had any luck blocking this worm I'd be keen to know what you
> did that got it stopped.
>


This is a bit severe; however, it works. I added the following to the
generic executable filter mentioned on the exim.org index page.

The virus seems to send out in 2 forms, one as a regular attachment and
another as an embedded midi file. The latter is the type that gets past
the regular filter.

Several days later and on several boxes we seem to have had no breaches
yet. /me keeps fingers crossed


##-----------------------------------------------------------------------
# Attempt to catch message body content: audio/x-midi
# in emails.  As is used by bugbear and possibly
# several other viruses.
if $message_body matches "audio/x-midi;"
then
  fail text "This message has been rejected because it has\n\
            a data type known to be used by several viruses\n\
            If you meant to send this file then please\n\
            package it up as a zip file and resend it."
  seen finish
endif
##-----------------------------------------------------------------------


--
¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤
Robert Stanford
º¤º°`°º¤ø,¸¸,ø¤º°`°º¤º
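
Added example, not part of the original message and not Exim code: a Python sketch contrasting the body substring test above with a check that parses the MIME structure and flags only parts actually declared as audio/x-midi. Both sample messages, the addresses and the file name are constructed, and substring_match is only an approximation of the filter rule.

```python
import email
from email import policy

# Constructed sample: HTML mail with an embedded part declared as audio/x-midi.
EMBEDDED = """\
From: a@example.test
To: b@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="BOUND"

--BOUND
Content-Type: text/html

<html><body>hello</body></html>
--BOUND
Content-Type: audio/x-midi; name="sample.dat"
Content-Transfer-Encoding: base64

AAAA
--BOUND--
"""

# Constructed sample: ordinary text mail that only talks about the MIME type.
DISCUSSION = """\
From: a@example.test
To: b@example.test
Subject: constructed sample
Content-Type: text/plain

Our filter rejects anything declared as audio/x-midi; zip it first.
"""

def substring_match(raw):
    """Approximates the filter rule: literal text anywhere in the body."""
    _, _, body = raw.partition("\n\n")
    return "audio/x-midi;" in body

def midi_parts(raw):
    """Return (content type, file name) for each part declared audio/x-midi."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_filename())
            for p in msg.walk() if p.get_content_type() == "audio/x-midi"]

if __name__ == "__main__":
    for label, raw in (("embedded", EMBEDDED), ("discussion", DISCUSSION)):
        print(label, substring_match(raw), midi_parts(raw))
```

The substring test rejects both samples, while the MIME-aware check flags only the message that really carries an audio/x-midi part.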