RE: [Exim] Blocking sobig.f

Pàgina inicial
Delete this message
Reply to this message
Autor: Smith, A.D.
Data:  
A: exim-users
Assumpte: RE: [Exim] Blocking sobig.f
I have tried this, but some are still getting through ...
I use exim 4.20 on Solaris 9 with the latest exiscan acl 4.20.x patch
Unfortunately .pif attachments have been getting past exiscan acl and the system_filter.
Could this be because I'm using the Solaris version of Perl? Should I get the latest one from CPAN?

Any help or ideas would be great ;),

Alex

-----Original Message-----
From: Jerry Bell [mailto:jerry@syslog.org]
Sent: Wednesday, August 20, 2003 3:50 PM
To: exim-users@???
Subject: Re: [Exim] Blocking sobig.f


<snip>
>
> I use this on my personal server. I can't at work because it

can block
> enough legit to not be useful.


Another way I've found to very effectively block most all recent viruses
is by blocking 'bad' attachments:

deny  message = contains $found_extension file (blacklisted).
     demime =
ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:j
se:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:v
b:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HL
P:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG
:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH


This has worked well for me. I've heard much talk about this not always
working and one reason I've found is that the demime acl is case
sensitive. I don't have all permutations here, but upper and lower seem
to catch most all of them.

Regards,

Jerry
http://www.syslog.org

--

## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##