Re: [Exim] DATA ACL to catch W32.Sobig.E

Author: Wolfgang Lumpp
Date:  
To: exim-users
Subject: Re: [Exim] DATA ACL to catch W32.Sobig.E
Hi,

looks nice, but...
One of the mails here has a
"boundary=----_=_NextPart_000_01C33BCE.8650533E"
:-(
Only all matching part is the attachment, as of now.

Regards
Wolfgang

On Fri, 2003-06-27 at 11.47, Alan J. Flavell wrote:
> On Fri, 27 Jun 2003, Chad Leigh -- Shire.Net LLC wrote:
>
> > After installing this this evening, I got one caught and one got
> > through (date had a + TZ not --). Thanks! Anything that can help
> > block this is much appreciated.
>
> We're blocking it on a characteristic string in the virus's
> Content-type header. I shan't reproduce it in its entirety here,
> because I set up a block to catch bogus reports coming in from idiots
> who want to accuse our innocent users (i.e. those whose addresses have
> been counterfeited as senders) of being the cause of the problem.
> And that block would block this outgoing mail if I included the
> complete tag! But it begins "CSmtpMsgPart123".
>
> Apropos such bogus complaints (of which we caught about a dozen
> yesterday, and there are yet more coming in), we caught one accusation
> which apparently came from an end user at the remote site. When I
> complained to her about this false accusation of one of our users, she
> was astonished: apparently their local mail admin has arranged to
> catch incoming viruses, and counterfeit the address of the intended
> victim on an automatically composed complaint that is sent to the
> counterfeited address that was found in the incoming envelope-sender
> (if you see what I mean). Sheesh.
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
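
An added illustration, not code from either poster or from Exim: a Python sketch of the boundary-prefix check discussed in this thread, run over constructed sample headers. The function names and the suffix `_constructed` are assumptions; the prefix and the non-matching boundary are the two values quoted in the messages above.

```python
from email import message_from_string

# Prefix quoted in the thread; the full tag is not given there.
BOUNDARY_PREFIX = "CSmtpMsgPart123"

def boundary_of(raw_message: str):
    """Return the multipart boundary parameter of a raw message, or None."""
    msg = message_from_string(raw_message)
    # get_boundary() copes with folded headers, parameter names in any
    # case and optional quoting around the value.
    return msg.get_boundary()

def matches_signature(raw_message: str) -> bool:
    """True only when the parsed boundary parameter starts with the prefix.

    Testing the parsed parameter instead of searching the whole message
    means a mail that merely mentions the tag in its text is not matched.
    """
    boundary = boundary_of(raw_message)
    return boundary is not None and boundary.startswith(BOUNDARY_PREFIX)

# Constructed samples (hypothetical messages, not captured traffic).
SAMPLES = {
    # Folded header carrying the prefix plus a made-up suffix.
    "prefix_folded": (
        'Content-Type: multipart/mixed;\n'
        '\tboundary="CSmtpMsgPart123_constructed"\n\n'
    ),
    # The boundary value reported in the reply above.
    "variant_from_reply": (
        'Content-Type: multipart/mixed;\n'
        ' boundary="----_=_NextPart_000_01C33BCE.8650533E"\n\n'
    ),
    # Plain-text mail that only talks about the tag.
    "text_mentions_tag": (
        'Content-Type: text/plain\n\n'
        'The tag begins CSmtpMsgPart123\n'
    ),
}

def caught(samples: dict) -> list:
    """Names of the samples the prefix rule would reject."""
    return sorted(n for n, raw in samples.items() if matches_signature(raw))

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} boundary={boundary_of(raw)!r} "
              f"match={matches_signature(raw)}")
```

Only the first sample is rejected; the boundary from the reply passes the rule untouched, which is the gap that reply reports.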