Re: [Exim] Blocking sobig.f

Author: Frank S. Bernhardt
Date:  
To: tsh
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f
Actually, I use the "contains" rather than "is" on purpose. The PHP_INST
mailing list got hit big time with this virus and was sending out emails
with the subject line: "[PHP-INST] Re:...etc".

But your point is a good one.

Thanks.


tsh@??? wrote:
> We've been doing something similar with per-user filters,
> but I would suggest replacing 'contains' with IS
> since this might result in fewer accidentally rejected
> messages.
>
> Cheers,
> Terry.
>
>
>
>>I like this solution.
>>
>>It's simple and it certainly does work.
>>
>>Thank you.
>>
>>Michael J. Tubby B.Sc. (Hons) G8TIC wrote:
>>
>>>All,
>>>
>>>Here's how we are blocking sobig.f on our public mail machines:
>>>
>>>
>>>a) create a file called /usr/exim/filter.sobig
>>>
>>>if $header_subject: contains "Re: Your Application"
>>>or $header_subject: contains "Re: My Details"
>>>or $header_subject: contains "Re: Details"
>>>or $header_subject: contains "Your Details"
>>>or $header_subject: contains "Re: That movie"
>>>or $header_subject: contains "Re: Wicked screensaver"
>>>or $header_subject: contains "Re: Details"
>>>or $header_subject: contains "Re: Thank you!"
>>>or $header_subject: contains "Thank you!"
>>>or $header_subject: contains "Re: Approved"
>>>then
>>>seen finish
>>>endif
>>>
>>>
>>>b) configure exim to use it, in /usr/exim/configure:
>>>
>>>    #
>>>    # filter for Sobig
>>>    #
>>>    system_filter = /usr/exim/filter.sobig
>>>
>>>
>>>
>>>Okay, it's going to get some false positives (maybe) ...
>>>
>>>
>>>Mike
>>>
>>>PS. Credit to Pete Bowyer who hacked this together early this
>>>morning
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>--
>>>
>>>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>>>
>>>
>>
>>--
>>
>>Regards
>>
>>Frank S. Bernhardt
>>b.c.s.i.
>>14 Halton Court
>>Markham, ON. Canada
>>L3P 6R3
>>
>>905-471-1691 Voice
>>905-471-3016 FAX
>>
>>frank@???
>>
>>Registered Linux-User #312398 with the Linux Counter, http://counter.li.org.
>>


--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON. Canada
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???

Registered Linux-User #312398 with the Linux Counter, http://counter.li.org.
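
An added illustration, not code from the thread or from the Exim project: a Python model of the "contains" versus "is" trade-off discussed above, plus an exact match that tolerates one bracketed list tag such as "[PHP-INST]". The sample subjects and the match_tagged approach are constructed assumptions; the model mirrors the case-insensitive behaviour of Exim's lower-case "contains" and "is" tests.

```python
import re

# Subject strings from the filter quoted in this thread (duplicate removed).
SOBIG_SUBJECTS = [
    "Re: Your Application", "Re: My Details", "Re: Details", "Your Details",
    "Re: That movie", "Re: Wicked screensaver", "Re: Thank you!",
    "Thank you!", "Re: Approved",
]

# Assumption: a list tag such as "[PHP-INST] " may precede the subject.
TAGGED = re.compile(
    r"^(?:\[[^\]]+\]\s*)?(?:%s)\s*$" % "|".join(map(re.escape, SOBIG_SUBJECTS)),
    re.IGNORECASE,
)

def match_contains(subject):
    """Model of lower-case 'contains': case-insensitive substring test."""
    s = subject.lower()
    return any(p.lower() in s for p in SOBIG_SUBJECTS)

def match_is(subject):
    """Model of lower-case 'is': case-insensitive whole-string equality."""
    s = subject.strip().lower()
    return any(p.lower() == s for p in SOBIG_SUBJECTS)

def match_tagged(subject):
    """Hypothetical middle ground: exact subject behind an optional list tag."""
    return TAGGED.match(subject.strip()) is not None

# Constructed sample subjects: (subject, is_sobig)
SAMPLES = [
    ("Re: Details", True),
    ("[PHP-INST] Re: Details", True),
    ("Re: Thank you!", True),
    ("Re: Details of Friday's meeting", False),
    ("Thank you! Your order has shipped", False),
    ("Re: Approved budget for Q3", False),
]

def score(matcher):
    """Return (false_positives, false_negatives) over SAMPLES."""
    fp = [s for s, bad in SAMPLES if matcher(s) and not bad]
    fn = [s for s, bad in SAMPLES if not matcher(s) and bad]
    return fp, fn

if __name__ == "__main__":
    for m in (match_contains, match_is, match_tagged):
        fp, fn = score(m)
        print(f"{m.__name__}: false positives={fp} false negatives={fn}")
```

A legitimate message whose subject is exactly one of the listed strings is still caught by all three matchers, which is the false-positive risk already acknowledged in the thread.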