Re: [Exim] Blocking sobig.f

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Michael J. Tubby B.Sc. \(Hons\) G8TIC
Datum:  
To: Wakko Warner, Giolla Decair
CC: exim-users
Betreff: Re: [Exim] Blocking sobig.f
All,

Here's how we are blocking sobig.f on our public mail machines:


a) create a file called /usr/exim/filter.sobig

if $header_subject: contains "Re: Your Application"
or $header_subject: contains "Re: My Details"
or $header_subject: contains "Re: Details"
or $header_subject: contains "Your Details"
or $header_subject: contains "Re: That movie"
or $header_subject: contains "Re: Wicked screensaver"
or $header_subject: contains "Re: Details"
or $header_subject: contains "Re: Thank you!"
or $header_subject: contains "Thank you!"
or $header_subject: contains "Re: Approved"
then
seen finish
endif


b) configure exim to use it, in /usr/exim/configure:

    #
    # filter for Sobig
    #
    system_filter = /usr/exim/filter.sobig




Okay, its going to get some false positives (maybe) ...


Mike

PS. Credit to Pete Bowyer who hacked this together early this
morning