Re: [Exim] needed: beagle/bagle pattern

Top Page
Delete this message
Reply to this message
Author: Rossz Vamos-Wentworth
Date:  
To: Exim-users
Subject: Re: [Exim] needed: beagle/bagle pattern
Jonathan Vanasco wrote:
>   deny  message  = contains $found_extension file (This file extention
> is blacklisted, as it is likely to be a virus ).
>          demime   =
> ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:
> mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:
> wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:
> JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:
> VBS:WSC:WSF:WSH


Is it necessary to list both upper and lower case for the extensions? I
would hope not. If so, it won't take long for some virus writer to
start randomizing the case of each letter, e.g. eXE, Exe, EXe, etc.

--
Rossz