Re: [Exim] Blocking sobig.f

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jerry Bell
Datum:  
To: Leonardo Boselli, exim-users
Betreff: Re: [Exim] Blocking sobig.f
That is true. Fortunately, there are relatively few people who can execute
perl and tcl files on their windows machines. The extensions that are
blocked below actually come from a recommendation by Microsoft on what
attachments are 'dangerous' and probably should be blocked.

Jerry
http://www.syslog.org
----- Original Message -----
From: "Leonardo Boselli" <leo@???>
To: "Jerry Bell" <jerry@???>; <exim-users@???>
Sent: Wednesday, August 20, 2003 1:57 PM
Subject: Re: [Exim] Blocking sobig.f


Btw: even pl and tcl can be automatically executed ... !...

Il 20 Aug 2003 alle 10:50, Jerry Bell immise in rete:

> <snip>
> Another way I've found to very effectively block most all recent viruses
> is by blocking 'bad' attachments:
> deny  message = contains $found_extension file (blacklisted).
>      demime =

>

ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:mdb:m
de:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:AD
E:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE
:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH
> sensitive. I don't have all permutations here, but upper and lower seem
> to catch most all of them.