Author: Jeff Green Date: To: exim-users Subject: Re: [Exim] Blocking phony MS Security update emails
At 08:34 PM 1/23/04, you wrote: >My summary to cap this query off...
>On Friday 09 January 2004 06:59 am, Jeff Lasman wrote:
> > We're being hit by MS security update emails. They're not spam, but
> > rather more accurately described as virii or worms.
> > Does anyone has a good rule that will block these? I know we'll have
> > to do it at "data" time, but I guess that's better than not blocking
> > them at all.
>We're checking some filtering rules we came up with on our own, by using
>them on my own Kmail mua. So far they look like they're picking up all
>the virii and no false positives. After another week or so of testing
>we'll add them to the server.
>However, the bad part of all this is we don't have MS desktops so we
>don't know what a "real" MS update looks like for whitelisting. Can
>anyone help me with that?
There are none - MS doesn't announce updates by email. Look here: