RE: [Exim] Yet Another Filter to block SoBig.F

Pàgina inicial
Delete this message
Reply to this message
Autor: Randy Bush
Data:  
A: Kevin Reed
CC: 'Avleen Vig', exim-users
Assumpte: RE: [Exim] Yet Another Filter to block SoBig.F
>> if $header_X-MailScanner matches "Found to be clean"
>> then
>>     if $header_Content-type matches "(multipart/mixed)" and
>> $header_X-Mailer matches "Microsoft Outlook Express 6.00.2600.0000"
>>     and $message_body matches
>> "name(:|=)\"(your_document.pif|document_all.pif|thank_you.pif|
>> your_details.pif|details.pif|document_9446.pif|application.pif
>> |wicked_scr.scr|movie0045.pif)\""
>>     then
>>         seen finish
>>     endif
>> endif

>
> Wouldn't it just be easier to do...
>
>   discard log_message = "DISCARD: Message contained ($found_extension)."
>           demime = scr:pif


no. mail relays receive legitimate scr and pif attachments. you
need to filter for the specific ones avleen mentioned.

randy