Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS



Rob Brown-Bayliss said:
On Tue, 2002-08-20 at 03:43, Michael Leone wrote:

And there's the beauty of blocking executable attachments/running virus
scans on your own mail server. I had no idea there was such a message
to the list, since my MTA rejected it before I ever saw it. :-)

Does it block all executables?  A bit of a pain if someone is trying to
send you something useful?

Not at all. You just compress the executable - zip, sit, arj, whatever you
want to use - before attaching. I allow thru all compressed archive
types. I then use Amavis and F-Prot to unpack these compressed archives,
and virus scan them.

Here's the list of stuff I block -

/^(Content-Disposition: attachment;.*|Content-Type:.*|\s+)(file)?name="?.*(\.|=2E)(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/ REJECT

And that covers just about any virus-laden executable attachment out
there. And the AV scan is for everything else. The virus email yesterday
had a supposed "gc.bat" as an attachment. Also blocked a 2nd one with a
"style.bat" attachment, as well as rejecting one that came thru an open
relay in the ORDB database. And then I run SpamAssassin for all users (me
and a couple friends :-); it tags all suspected spam email, and I route it
to a special folder. There are some false positives, but not many.

Makes email a LOT more pleasant. :-)

-- 
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Member,
LEAF Project <http://leaf.sourceforge.net>    AIM: MikeLeone

These are the memories which make me a wealthy soul ...
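
The rule quoted in the message above, run against MIME header lines, as an added example that is not part of the original post. The sample lines are constructed, the function names are hypothetical, and case-insensitive matching is an assumption, since the post does not name the MTA or its matching flags.

```python
import re

# The rule from the post, joined onto one line and split here only for
# readability. IGNORECASE is an assumption (see lead-in).
BLOCKED_ATTACHMENT = re.compile(
    r'^(Content-Disposition: attachment;.*|Content-Type:.*|\s+)'
    r'(file)?name="?.*(\.|=2E)'
    r'(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$',
    re.IGNORECASE,
)


def verdict(header_line):
    """Return 'REJECT' if the rule matches one MIME header line, else 'PASS'."""
    return "REJECT" if BLOCKED_ATTACHMENT.search(header_line) else "PASS"


def classify(lines):
    """Pair every header line with the verdict the rule gives it."""
    return [(verdict(line), line) for line in lines]


# Constructed sample header lines (not taken from real mail).
SAMPLES = [
    'Content-Disposition: attachment; filename="gc.bat"',
    'Content-Type: application/octet-stream; name="style.bat"',
    '\tfilename="holiday.jpg.scr"',                    # folded continuation line
    'Content-Type: application/octet-stream; name=setup=2Eexe',  # encoded dot
    'Content-Disposition: attachment; filename="SETUP.EXE"',
    'Content-Disposition: attachment; filename="price-list-example.com"',
    'Content-Disposition: attachment; filename="setup.zip"',     # left to the AV scan
    'Content-Disposition: attachment; filename="report.pdf"',
    'Content-Type: text/plain; charset="us-ascii"',
]

if __name__ == "__main__":
    for result, line in classify(SAMPLES):
        print(f"{result:6}  {line!r}")
```

The "com" entry also rejects any attachment whose name merely ends in ".com", which is one source of false positives with a name-based rule; archives such as "setup.zip" pass and rely on the unpack-and-scan step described in the message.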


