Re: [Exim] W32/Swen.A@mm

Author: Alan J. Flavell
Date:  
To: exim-users
Subject: Re: [Exim] W32/Swen.A@mm
On Tue, 23 Sep 2003, Clive McDowell wrote:

> We're being plagued with a rash of these. We have the bog standard exim
> system filter in place to block messages with executable attachments but
> these seem to be getting through. I suspect part of the problem is that
> the executable is buried several levels down in the mime structure
> (which looks broken anyway). I'm not sufficiently competent with the
> filter logic to begin to fix this. Has anyone else been through the same
> exercise?


Have you been reading the discussion on this list? [hint!]

To catch the live virus, you need to scan enough of the content.
We scan 50k, and that is enough; I'm not sure what the minimum is.

The major problem here is the shrapnel from those idiots who insist on
stripping out the virus, which is easy to block, and replacing it with
all kinds of weird and wonderful messages in Portuguese, Romanian,
German etc. etc. telling us that we were the intended victims of a
virus attack. Sure, we knew that, now stop pestering us. Those
warnings are far more effort to identify and reject.

I'm blacklisting the lot of them as their warnings hit me - life's
just too short. If they complain, then I'll point them at
http://www.f-prot.com/news/gen_news/open_letter_10sept2003.html