Re: [Exim] Blocking sobig.f

Top Page
Delete this message
Reply to this message
Author: Michael J. Tubby B.Sc. \(Hons\) G8TIC
Date:  
To: Wakko Warner, Giolla Decair
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f
All,

Here's how we are blocking sobig.f on our public mail machines:


a) create a file called /usr/exim/filter.sobig

if $header_subject: contains "Re: Your Application"
or $header_subject: contains "Re: My Details"
or $header_subject: contains "Re: Details"
or $header_subject: contains "Your Details"
or $header_subject: contains "Re: That movie"
or $header_subject: contains "Re: Wicked screensaver"
or $header_subject: contains "Re: Details"
or $header_subject: contains "Re: Thank you!"
or $header_subject: contains "Thank you!"
or $header_subject: contains "Re: Approved"
then
seen finish
endif


b) configure exim to use it, in /usr/exim/configure:

    #
    # filter for Sobig
    #
    system_filter = /usr/exim/filter.sobig




Okay, its going to get some false positives (maybe) ...


Mike

PS. Credit to Pete Bowyer who hacked this together early this
morning