Re: [Exim] Blocking phony MS Security update emails

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jeff Green
Date:  
À: exim-users
Sujet: Re: [Exim] Blocking phony MS Security update emails
At 08:34 PM 1/23/04, you wrote:
>My summary to cap this query off...
>
>On Friday 09 January 2004 06:59 am, Jeff Lasman wrote:
>
> > We're being hit by MS security update emails. They're not spam, but
> > rather more accurately described as virii or worms.
> >
> > Does anyone has a good rule that will block these? I know we'll have
> > to do it at "data" time, but I guess that's better than not blocking
> > them at all.
>
>We're checking some filtering rules we came up with on our own, by using
>them on my own Kmail mua. So far they look like they're picking up all
>the virii and no false positives. After another week or so of testing
>we'll add them to the server.
>
>However, the bad part of all this is we don't have MS desktops so we
>don't know what a "real" MS update looks like for whitelisting. Can
>anyone help me with that?


There are none - MS doesn't announce updates by email. Look here:

http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgroups/nodepages/sectop10.asp


Best regards,

Jeffrey B. Green        Personal Computer Consultant - Las Vegas, Nevada
http//jbgreen.com       Networking Las Vegas Since 1986
(702) 228-1441