Re: [Exim] needed: beagle/bagle pattern

Author: Chris Edwards
Date:  
To: Jonathan Vanasco
CC: Exim-users
Subject: Re: [Exim] needed: beagle/bagle pattern

| someone on the list was nice to share a string pattern that blocked
| sobig through exiscan a few months ago
|
| has anyone come up with one for the beagle/bagle threat?

You don't need (1) a special string pattern, nor (2) a signature-based AV
scanner.

Like most email worms, this is an executable attachment. Assuming you
have the exiscan patch applied, you can get rid of all executable
attachments, past/present/future, with e.g.:

deny demime = bat:cmd:com:exe:hta:js:jse:lnk:pif:scr:shs:vbe:vbs:wsf:wsh

Some people would suggest a longer list of file extensions - see the list
archives.

Cheers

--
Chris Edwards, Glasgow University Computing Service
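
Added example (not part of the original message, and not exiscan's own code): a Python sketch of the same extension check, useful for testing an extension list against saved messages before putting it in an ACL. The function names, the sample message and the trailing-dot handling are assumptions of this sketch.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list copied verbatim from the demime condition in the message above.
BLOCKED = set("bat:cmd:com:exe:hta:js:jse:lnk:pif:scr:shs:vbe:vbs:wsf:wsh".split(":"))


def blocked_attachments(raw_bytes):
    """Return [(filename, ext)] for each MIME part whose name ends in a blocked extension."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" parameter,
        # falls back to Content-Type "name", and decodes RFC 2231 values.
        name = part.get_filename()
        if not name:
            continue
        # Assumption of this sketch: compare case-insensitively and ignore
        # trailing dots/spaces, which Windows drops from file names.
        cleaned = name.lower().rstrip(". ")
        ext = cleaned.rpartition(".")[2] if "." in cleaned else ""
        if ext in BLOCKED:
            hits.append((name, ext))
    return hits


def sample_message():
    """Constructed sample: a harmless PDF, a double-extension .PIF, a trailing-dot .exe."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="report.pdf")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="photo.jpg.PIF")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="update.exe.")
    return m.as_bytes()


if __name__ == "__main__":
    for name, ext in blocked_attachments(sample_message()):
        print(f"would reject: {name!r} (extension {ext})")
```

Only the final extension is compared, so a name such as photo.jpg.PIF is caught while an archive containing an executable is not; that case needs unpacking or a content scanner.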