Re: [Exim] Blocking sobig.f

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Alun
Ημερομηνία:  
Προς: jvanasco
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] Blocking sobig.f
--
jvanasco (jvanasco@???) said, in message
    <02EE1820-D319-11D7-B4D4-000393863D5E@???>:

>
>
> So is this a sobig specific string for infected files?
>
> > if $message_body contains "AAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g"
> > then
> >     logfile "/tmp/virus.log"
> >     logwrite "$tod_log blocked to $recipients from $sender_host_address"
> >     seen finish
> > endif

>


Well, it was in all the examples I found yesterday whilst panicing about it!
That pattern blocked around 25,000 messages at Aber in the 15 minutes
between my installing it and Sophos getting out an IDE for it.

Cheers,
Alun.

--
Alun Jones                       auj@???
Systems Support,                 (01970) 62 2494
Information Services,
University of Wales, Aberystwyth



--
[ Content of type application/pgp-signature deleted ]
--