Re: [Exim] Blocking phony MS Security update emails

Góra strony
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
Dla: Wakko Warner, Marc Perkel
CC: Jeff Lasman, exim-users
Temat: Re: [Exim] Blocking phony MS Security update emails
At 10:51 am -0500 2004/01/09, Wakko Warner wrote:
> > What I do is install exiscan and I just block all executable files. Thus
>> - all viruses go away.
>
>Simple for me. No windows, no problem =) I just did that hack to stop them
>wasting my bandwidth. I see no real reason to use exiscan.


I agree, no windows here to, while I cannot say so of my users. But
people! please remember to trim your replies, as this not only wastes
bandwidth but also local storage!!

Regarding your rule, I imagine you then check at the RCPT phase for
$sender_address in /etc/exim4/virus_senders saving yourself to get to
the DATA phase. I can only see one problem here, you might end up
blocking legitimate users, and not necessarily infected ones.
Remember that the virus (if it is selfpropagating) might get the
sender address from the local out-box.

Also, you have forgotten "Net Recipient" for messages coming from
"Administrator" <> (SUBJECT: Returned Message: User unknown). They
usually come in pair here...

Giuliano

[...]
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/