Re: [Exim] Blocking sobig.f

Pàgina inicial
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
A: Jerry Bell
CC: exim-users
Assumpte: Re: [Exim] Blocking sobig.f
> Another way I've found to very effectively block most all recent viruses
> is by blocking 'bad' attachments:
>
> deny  message = contains $found_extension file (blacklisted).
>      demime =
> ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH

>
> This has worked well for me. I've heard much talk about this not always
> working and one reason I've found is that the demime acl is case
> sensitive. I don't have all permutations here, but upper and lower seem
> to catch most all of them.


I wrote my own mailscanner and it has this feature in the 'mgrep' driver.
It'll check for filenames using globs, so that'd be *.ade;*.adp ... (i
didn't use a : for a reason and now I forgot the reason)

--
Lab tests show that use of micro$oft causes cancer in lab animals