Re: [Exim] needed: beagle/bagle pattern

Author: Jonathan Vanasco
Date:  
To: Chris Edwards
CC: Exim-users
Subject: Re: [Exim] needed: beagle/bagle pattern
On Jan 20, 2004, at 11:32 AM, Chris Edwards wrote:
> Like most email worms, this is an executable attachment. Assuming you
> have the exiscan patch applied, you can get rid of all executable
> attachments, past/present/future with e.g:
>
> deny demime = bat:cmd:com:exe:hta:js:jse:lnk:pif:scr:shs:vbe:vbs:wsf:wsh


On Jan 20, 2004, at 11:27 AM, Kevin Reed wrote:
> Deny exe attachments and you have done it.



EXCELLENT!

I really had no idea what is in beagle... just wanted to stay ahead.
I've already got exceedingly strict blocking going on :)

   deny  message  = contains $found_extension file (This file extension \
                    is blacklisted, as it is likely to be a virus).
         demime   = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:\
                    mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:\
                    wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:\
                    JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:\
                    VBS:WSC:WSF:WSH


On Jan 20, 2004, at 11:30 AM, Martin A. Brooks wrote:
> Here's a 10 minute HOWTO on hooking F-Prot into exim4 via amavisd-new..


Thanks!

Again, much thanks to all!
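
Added example, not part of the original message and not exiscan's own code: a Python sketch for testing an extension blocklist like the one above against a constructed message before deploying it. It assumes case-insensitive matching on the final extension of each decoded attachment filename; the function names, addresses and sample filenames are made up for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension list copied from the ACL in this message, lower-case half only;
# matching below is case-insensitive (an assumption of this sketch).
BLOCKED = frozenset(
    "ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:"
    "mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:"
    "wsf:wsh".split(":")
)

def blocked_attachments(raw):
    """Return [(filename, extension)] for each MIME part whose final
    extension is on the blocklist."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() returns the decoded name, including RFC 2231
        # encoded (filename*=) parameters, or None for unnamed parts.
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension counts: "Report.doc.PIF" is a .pif file.
        _, dot, ext = name.strip().rpartition(".")
        if dot and ext.lower() in BLOCKED:
            hits.append((name, ext.lower()))
    return hits

def build_sample():
    """Constructed test message: harmless bytes under three filenames."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    # The non-ASCII name is written out with RFC 2231 encoding.
    for fname in ("notes.txt", "Report.doc.PIF", "r\u00e9sum\u00e9.doc.SCR"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, ext in blocked_attachments(build_sample()):
        print(f"deny: contains {ext} file ({fname!r})")
```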