
Re: [suse-security] Postfix and w32.swen.A



On Tue, 23 Sep 2003, Vaclav made the net somewhat safer by saying:

> Hello,
> 
> recently I have introduced to postfix the mime_header_check with the 
> rule to bounce messages including attachments with executable files 
> based on a suggestion in this list. I have tested that and it seemed 
> to work fine. Nevertheless since Sunday I am receiving (and other 
> users of the server, too) many mails containing the w32.swen.A. It's 
> strange, as this mail contains a file xxxx.exe attached. Is there a 
> way to modify the postfix configuration to stop these (and maybe 
> similar mails in the future) mails? Seems that this type of 
> attachment bypasses somehow this filter. I have checked the message, 
> and did not find a difference with other types of attachments.

Check Ralf Hildebrandt's site
<http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml>

I'm using simple header checks on the Subject and From myself, plus a
message_size_limit of 64kB, which seems effective enough.

/^Subject:.*Last Net Pack/
    DISCARD Possible virus, don't need it anyway
/From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)/
    DISCARD Possible virus, don't need it anyway
/From:.*(customer|security)\s+(assistance|service|bulletin)/
    DISCARD Possible virus, don't need it anyway
/From:.*network\s+message/
    DISCARD Possible virus, don't need it anyway

All pcre.

Theo
-- 
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.
SuSE 8.2 x86
Kernel k_Athlon 2.4.20-4GB
See headers for PGP/GPG info.

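Added example, not part of the original message: a small Python harness that loads the four rules quoted above in their pcre-table layout and reports which rule, if any, would act on a given header line. It assumes Python's re module behaves like PCRE for these particular patterns and that matching is case-insensitive (the Postfix pcre table default); the sample headers and addresses in the comments are constructed.

```python
import re

# The four rules from the message above. In a Postfix lookup table, a line
# that starts with whitespace continues the previous logical line.
TABLE = r"""
/^Subject:.*Last Net Pack/
    DISCARD Possible virus, don't need it anyway
/From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)/
    DISCARD Possible virus, don't need it anyway
/From:.*(customer|security)\s+(assistance|service|bulletin)/
    DISCARD Possible virus, don't need it anyway
/From:.*network\s+message/
    DISCARD Possible virus, don't need it anyway
"""

def load_rules(text):
    """Join continuation lines, then split each entry into (regex, action)."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    rules = []
    for entry in logical:
        m = re.match(r"/(.*)/\s+(.*)", entry)   # /pattern/ action
        # pcre tables match case-insensitively unless the rule says otherwise
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def check_header(rules, header):
    """Return the action of the first matching rule, or None (no action)."""
    for rx, action in rules:
        if rx.search(header):
            return action
    return None

RULES = load_rules(TABLE)

if __name__ == "__main__":
    for h in ['Subject: Last Net Pack',                                 # constructed
              'From: "MS Technical Assistance" <a@example.invalid>',    # constructed
              'From: Acme Systems Customer Care <care@example.com>',    # constructed
              'From: Vaclav <vaclav@example.invalid>']:                 # constructed
        print(f"{check_header(RULES, h)!s:50} <- {h}")
```

The third sample is discarded because "ms" in the second rule has no word boundary, so it matches the end of "Systems"; since DISCARD drops mail silently, running candidate rules over known-good headers like this before deploying them shows such false positives early.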