Re: [Exim] needed: beagle/bagle pattern

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Chris Edwards
日付:  
To: Jonathan Vanasco
CC: Exim-users
題目: Re: [Exim] needed: beagle/bagle pattern
| someone on the list was nice to share a string pattern that blocked
| sobig through exiscan a few months ago

|
| has anyone come up with one for the beagle/bagle threat?


You don't need (1) a special string pattern, nor (2) a signature-based AV
scanner.

Like most email worms, this is an executable attachment. Assuming you
have the exiscan patch applied, you can get rid of all executable
attachments, past/present/future with e.g:

deny demime = bat:cmd:com:exe:hta:js:jse:lnk:pif:scr:shs:vbe:vbs:wsf:wsh

Some people would suggest a longer list of file extensions - see the list
archives.

Cheers

--
Chris Edwards, Glasgow University Computing Service