RE: [Exim] Blocking phony MS Security update emails

Top Page

Reply to this message
Author: Eli
Date:  
To: 'Jeff Lasman', exim-users
Subject: RE: [Exim] Blocking phony MS Security update emails
>However, the bad part of all this is we don't have MS desktops so we
>don't know what a "real" MS update looks like for whitelisting. Can
>anyone help me with that?


Quite simple :) Microsoft does not distribute any updates via email. It's
done through their windowsupdate website, or through the windows update
scheduled daemon which runs on the client side and automatically fetches
updates from microsoft servers.

Eli.

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
Of Jeff Lasman
Sent: Friday, January 23, 2004 11:34 PM
To: exim-users@???
Subject: Re: [Exim] Blocking phony MS Security update emails

My summary to cap this query off...

On Friday 09 January 2004 06:59 am, Jeff Lasman wrote:

> We're being hit by MS security update emails. They're not spam, but
> rather more accurately described as virii or worms.
>
> Does anyone has a good rule that will block these? I know we'll have
> to do it at "data" time, but I guess that's better than not blocking
> them at all.


We're checking some filtering rules we came up with on our own, by using
them on my own Kmail mua. So far they look like they're picking up all
the virii and no false positives. After another week or so of testing
we'll add them to the server.

However, the bad part of all this is we don't have MS desktops so we
don't know what a "real" MS update looks like for whitelisting. Can
anyone help me with that?

Thanks.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"


--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##