Re: [Exim] MyDoom filtering?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MChristoph Kliemt at <-
MJonathan Vanasco at ->
Delete this message
Reply to this message
Author: Jonathan Vanasco
Date:  
To: Exim-users
Subject: Re: [Exim] MyDoom filtering?
Has anyone come up with a pattern to regex against the zipped
attachment?

It just seems so silly to unpack and scan hundreds of attachments that
are coming in for this virus.

I would love an ACL trick that does some flow like this:

deny if demimed attachment regexes true to prevalent virus of the week
deny if demimed / unzipped demimed attachment returns true from pipe to
virus scanning app
accept

anyone figure this out?



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] "3.3" is not a numberRe: [Exim] Synchronization Error->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)