On Tue, 23 Sep 2003, Vaclav made the net somewhat safer by saying:

> Hello,
>
> recently I have introduced to postfix the mime_header_check with the
> rule to bounce messages including attachments with executable files
> based on a suggestion in this list. I have tested that and it seemed
> to work fine. Nevertheless since Sunday I am receiving (and other
> users of the server, too) many mails containing the w32.swen.A. It's
> strange, as this mail contains a file xxxx.exe attached. Is there a
> way to modify the postfix configuration to stop these (and maybe
> similar mails in the future) mails? Seems that this type of
> attachment bypasses somehow this filter. I have checked the message,
> and did not find a difference with other types of attachments.

Check Ralf Hildebrandt's site
<http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml>

I'm using simple headerchecks on the Subject and From myself, plus a
message_size_limit of 64kB, which seems effective enough.

/^Subject:.*Last Net Pack/ DISCARD Possible virus, don't need it anyway
/From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)/ DISCARD Possible virus, don't need it anyway
/From:.*(customer|security)\s+(assistance|service|bulletin)/ DISCARD Possible virus, don't need it anyway
/From:.*network\s+message/ DISCARD Possible virus, don't need it anyway

All pcre.

Theo
-- 
Theo v. Werkhoven
Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.
SuSE 8.2 x86 Kernel k_Athlon 2.4.20-4GB
See headers for PGP/GPG info.
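Added example, not part of Theo's message: a small harness for dry-running the four header_checks rules above against sample headers before deploying them, including a folded From: header and a legitimate sender that the "ms\s+network" alternative also catches. It assumes Python's re module as a stand-in for Postfix's PCRE (case-insensitive and DOTALL, as Postfix pcre tables are by default); the function names and sample headers are constructed for illustration.

```python
import re

# The four rules from the message above, in file order (first match wins).
# Postfix pcre tables default to case-insensitive and DOTALL matching;
# Python's re stands in for PCRE, which is adequate for these patterns.
FLAGS = re.IGNORECASE | re.DOTALL
ACTION = "DISCARD Possible virus, don't need it anyway"
RULES = [(re.compile(p, FLAGS), ACTION) for p in (
    r"^Subject:.*Last Net Pack",
    r"From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)",
    r"From:.*(customer|security)\s+(assistance|service|bulletin)",
    r"From:.*network\s+message",
)]

def logical_headers(raw):
    """Split a header block into logical headers, keeping folded lines together."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line   # continuation of the previous header
        elif line:
            headers.append(line)
    return headers

def check_header(header):
    """Return the action of the first matching rule, or None if nothing matches."""
    for pattern, action in RULES:
        if pattern.search(header):
            return action
    return None

def check_message(raw):
    """Return (header, action) for the first header that hits a rule, else None."""
    for header in logical_headers(raw):
        action = check_header(header)
        if action:
            return header, action
    return None

# Constructed sample headers (not taken from real mail).
WORM_LIKE = 'From: "MS\n Technical Assistance" <a@example.com>\nSubject: Last Net Pack\n'
LEGIT = "From: Cross Platforms Network <news@example.org>\nSubject: Monthly digest\n"
CLEAN = "From: Alice <alice@example.org>\nSubject: Meeting notes\n"

if __name__ == "__main__":
    for name, msg in (("worm-like", WORM_LIKE), ("legit", LEGIT), ("clean", CLEAN)):
        print(name, "->", check_message(msg))
```

On a live server the same dry run can be done against the real table with postmap -q, which uses Postfix's own PCRE engine.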