Re: [Exim] MyDoom filtering?

Top Page
Delete this message
Reply to this message
Author: Jonathan Vanasco
Date:  
To: Exim-users
Subject: Re: [Exim] MyDoom filtering?
Has anyone come up with a pattern to regex against the zipped
attachment?

It just seems so silly to unpack and scan hundreds of attachments that
are coming in for this virus.

I would love an ACL trick that does some flow like this:

deny if demimed attachment regexes true to prevalent virus of the week
deny if demimed / unzipped demimed attachment returns true from pipe to
virus scanning app
accept

anyone figure this out?