Re: [Exim] Blocking phony MS Security update emails

Top Page
Delete this message
Reply to this message
Author: Jeff Lasman
Date:  
To: exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
My summary to cap this query off...

On Friday 09 January 2004 06:59 am, Jeff Lasman wrote:

> We're being hit by MS security update emails. They're not spam, but
> rather more accurately described as virii or worms.
>
> Does anyone has a good rule that will block these? I know we'll have
> to do it at "data" time, but I guess that's better than not blocking
> them at all.


We're checking some filtering rules we came up with on our own, by using
them on my own Kmail mua. So far they look like they're picking up all
the virii and no false positives. After another week or so of testing
we'll add them to the server.

However, the bad part of all this is we don't have MS desktops so we
don't know what a "real" MS update looks like for whitelisting. Can
anyone help me with that?

Thanks.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"