著者: Chris Edwards 日付: To: Jonathan Vanasco CC: Exim-users 題目: Re: [Exim] needed: beagle/bagle pattern
| someone on the list was nice to share a string pattern that blocked | sobig through exiscan a few months ago | | has anyone come up with one for the beagle/bagle threat?
You don't need (1) a special string pattern, nor (2) a signature-based AV
scanner.
Like most email worms, this is an executable attachment. Assuming you
have the exiscan patch applied, you can get rid of all executable
attachments, past/present/future with e.g: