Date: Tue, 27 Nov 2001 12:11:51 -0800 (PST) From: Linh Pham <lplist@closedsrc.org> To: Mathieu Arnold <arn_mat@club-internet.fr> Cc: setantae <setantae@submonkey.net>, FreeBSD questions <freebsd-questions@FreeBSD.ORG> Subject: Re: The Stupid Virus going arround. Message-ID: <20011127121006.S59319-100000@q.closedsrc.org> In-Reply-To: <3C03AC15.1113F8AF@club-internet.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2001-11-27, Mathieu Arnold scribbled: # not a procmail rule, but a postfix:body_check : # /^\s+name="?.*\.(doc|zip|exe|xls|jpg|gif|mp3)\.(scr|pif|bat|com|exe|lnk)"?/ REJECT A more inclusive rule for body_check would be: /^Content-(Disposition|Type): application\/mixed/ REJECT /^Content-(Disposition|Type):.*name="?.*\.(bat|com|pif|vb|exe|lnk|scr|reg|chm|wsh|js|inf|shs|job|ini|shb|scp|scf|wsc|sct|dll)/ REJECT This should cover almost any kind of worm/trojan/virus that might come through. It is quite restrictive, you it can easily be modified by removing the extension and the trailing pipe in the second line. -- Linh Pham [lplist@closedsrc.org] # Every solution breeds new problems To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011127121006.S59319-100000>