Re: [Exim] Blocking sobig.f

Author: jvanasco
Date:  
To: Smith, A.D.
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f

Check your errorlog and paniclog.

demime seems to run into issues often, and will stop scanning should
an error occur.

I *think* that demime can't handle poorly/wrongly encoded stuff well --
and just passes something if it errors out (which would be a good thing)

On Wednesday, August 20, 2003, at 10:56 AM, Smith, A.D. wrote:

> I have tried this, but some are still getting through ...
> I use exim 4.20 on Solaris 9 with the latest exiscan acl 4.20.x patch
> Unfortunately .pif attachments have been getting past exiscan acl and
> the system_filter.
> Could this be because I'm using the Solaris version of Perl? Should I
> get the latest one from CPAN?
>
> Any help or ideas would be great ;),
>
> Alex
>
> -----Original Message-----
> From: Jerry Bell [mailto:jerry@syslog.org]
> Sent: Wednesday, August 20, 2003 3:50 PM
> To: exim-users@???
> Subject: Re: [Exim] Blocking sobig.f
>
>
> <snip>
>>
>> I use this on my personal server. I can't at work because it can block
>> enough legit to not be useful.
>
> Another way I've found to very effectively block most all recent viruses
> is by blocking 'bad' attachments:
>
> deny  message = contains $found_extension file (blacklisted).
>       demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH
>
> This has worked well for me. I've heard much talk about this not always
> working and one reason I've found is that the demime acl is case
> sensitive. I don't have all permutations here, but upper and lower seem
> to catch most all of them.
>
> Regards,
>
> Jerry
> http://www.syslog.org
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details at
> http://www.exim.org/ ##
>
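
The two gaps raised in this thread (an extension list that matches case-sensitively, and a scanner that lets mail through when MIME decoding fails) are shown below as an added Python example; it is not part of the original messages and is not Exim or exiscan code. The function name, verdict strings and both sample messages are constructed for illustration.

```python
import email
from email import policy

# Extensions from the quoted demime rule, stored once in lower case.
BLOCKED = frozenset(
    "ade adp bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk "
    "mdb mde msc msi msp mst pcd pif reg scr sct shs shb url vb vbe vbs wsc "
    "wsf wsh".split()
)
# What the quoted rule lists: all-lower and all-upper spellings only.
LISTED_VERBATIM = BLOCKED | {ext.upper() for ext in BLOCKED}


def check_message(raw):
    """Return (verdict, reason); verdict is 'deny', 'defer' or 'accept'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.defects:
            # Fail closed: a message the parser could not fully decode is
            # held for review instead of being passed unscanned.
            return "defer", "MIME defect: " + type(part.defects[0]).__name__
        name = part.get_filename() or ""
        # Normalise case once, so "Pif", "pIF" and "PIF" all compare equal.
        ext = name.rpartition(".")[2].strip().lower() if "." in name else ""
        if ext in BLOCKED:
            return "deny", "contains %s file (blacklisted)" % ext
    return "accept", ""


# Constructed samples (not taken from real mail).
MIXED_CASE = b"""\
From: sender@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.Pif"

placeholder
--b1--
"""
BROKEN = b"""\
From: sender@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

body that never opens boundary b1
"""

if __name__ == "__main__":
    print(check_message(MIXED_CASE), check_message(BROKEN))
```

The mixed-case name `details.Pif` appears in neither the lower-case nor the upper-case half of the quoted list, which is why the comparison is done on a lower-cased extension.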