Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
- From: "Michael Leone" <turgon mike-leone com>
- To: <evolution ximian com>
- Subject: Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
- Date: Tue, 20 Aug 2002 09:07:31 -0400 (EDT)
Rob Brown-Bayliss said:
On Tue, 2002-08-20 at 03:43, Michael Leone wrote:
And there's the beauty of blocking executable attachments/running virus
scans on your own mail server. I had no idea there was such a message
to the list, since my MTA rejected it before I ever saw it. :-)
Does it block all executables? A bit of a pain if some one is trying to
send you something usefull?
Not at all. You just compress the executable - zip, sit, arj, whatever you
want to use - before attaching. I allow thru all compressed archives
types. I then use Amavis and F-Prot to unpack these compressed archives,
and virus scan them.
Here's the list of stuff I block -
/^(Content-Disposition:
attachment;.*|Content-Type:.*|\s+)(file)?name="?.*(\.|=2E)(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/
REJECT
And that covers just about any virus-ladened executable attachment out
there. And the AV scan is for everything else. The virus email yesterday
had a supposed "gc.bat" as an attachment. Also blocked a 2nd one with a
"style.bat" attachment, as well as rejecting one that came thru an open
relay in the ORDB database. And then I run SpamAssassin for all users (me
and a couple friends :-); it tags all suspected spam email, and I route it
to a special folder. There are some false positives, but not many.
Makes email a LOT more pleasant. :-)
--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF Member,
LEAF Project <http://leaf.sourceforge.net> AIM: MikeLeone
These are the memories which make me a wealthy soul ...
Random Thought:
--------------
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]