Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS

From: "Richard Holland" <richard tellytart co uk>
To: <evolution ximian com>
Subject: Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
Date: Wed, 21 Aug 2002 13:30:04 -0100 (BST)

Michael Leone said:

Here's the list of stuff I block -

/^(Content-Disposition:
attachment;.*|Content-Type:.*|\s+)(file)?name="?.*(\.|=2E)(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/
REJECT

And that covers just about any virus-ladened executable attachment out
there. And the AV scan is for everything else. The virus email yesterday
had a supposed "gc.bat" as an attachment. Also blocked a 2nd one with a
"style.bat" attachment, as well as rejecting one that came thru an open
relay in the ORDB database. And then I run SpamAssassin for all users
(me and a couple friends :-); it tags all suspected spam email, and I
route it to a special folder. There are some false positives, but not
many.


Another thought - as you use the ORDB for open relays, why not use
sbl.spamhaus.org as an additional host in the maps_rbl_domains, as it is a
realtime list of spammers e-mail addresses and domain names.

Just my two penneth!

Richard Holland
richard tellytart co uk

Follow-Ups:
- Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
  - From: Michael Leone

References:
- Re: VIRUS!! RE: [Evolution] Look,my beautiful girl friend VIRUS
  - From: Michael Leone

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]