[Exim] DATA ACL to catch W32.Sobig.E

From: Tabor J. Wells
Date:
To: exim-users
Subject: [Exim] DATA ACL to catch W32.Sobig.E
For those of you who are dealing with W32.Sobig.E today and don't want to
block all mail with .zip attachments, the following DATA ACL seems to catch
the infected mail 100% of the time. At least for this variation of the worm.

deny    condition = ${if match{$header_date:}{\N\s--\d{4}$\N}{yes}{no}}
        log_message = "Malformed Date header (double dash on TZ). Probably \
                       W32.Sobig.E. Date: $header_date:"
        message = This message has been refused because it looks \
                  like it is infected with the W32.Sobig.E worm. See\n\
                  http://www.sarc.com/avcenter/venc/data/w32.sobig.e@mm.html \
                  for details. If you feel this determination is in error, \
                  please forward the entire message to \
                  postmaster@??? and include code \"AV#1\" \
                  in the Subject


Tabor
--
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
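
The condition in the ACL above can be exercised offline before it goes into a live configuration. The following is an added example, not part of the original post: a Python sketch that applies the same regular expression to constructed messages. The function names and sample headers are assumptions, and the unfold-and-strip step only approximates how Exim expands $header_date:.

```python
import re
from email import message_from_string

# The pattern between \N ... \N in the ACL condition, unchanged.
DOUBLE_DASH_TZ = re.compile(r"\s--\d{4}$")

def date_header_matches(raw_message: str) -> bool:
    """True when the Date header ends in a double-dash timezone offset."""
    msg = message_from_string(raw_message)
    date = msg.get("Date")
    if date is None:
        # An absent header expands to an empty string, so the ACL does not fire.
        return False
    # Assumption: approximate $header_date: by unfolding continuation
    # lines and trimming surrounding whitespace.
    date = re.sub(r"\r?\n[ \t]+", " ", date).strip()
    return DOUBLE_DASH_TZ.search(date) is not None

def make_message(date_line):
    """Build a minimal constructed message around one Date header value."""
    headers = ["From: sender@example.org", "To: rcpt@example.org"]
    if date_line is not None:
        headers.append("Date: " + date_line)
    headers.append("Subject: constructed sample")
    return "\n".join(headers) + "\n\nbody\n"

# Constructed Date values (not captured traffic).
SAMPLES = {
    "double dash": "Wed, 25 Jun 2003 10:15:00 --0400",
    "double dash, folded": "Wed, 25 Jun 2003\n 10:15:00 --0400",
    "normal negative offset": "Wed, 25 Jun 2003 10:15:00 -0400",
    "normal positive offset": "Wed, 25 Jun 2003 14:15:00 +0000",
    "offset with zone comment": "Wed, 25 Jun 2003 10:15:00 -0400 (EDT)",
    "no Date header": None,
}

def classify_samples():
    """Map each sample name to whether the ACL condition would match."""
    return {name: date_header_matches(make_message(value))
            for name, value in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{'deny  ' if hit else 'accept'}  {name}")
```

Only the two double-dash samples are flagged; the well-formed offsets, the commented offset and the message without a Date header pass, which is the false-positive check to repeat against real mail logs before relying on the rule.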