Sorry if this has already been posted as I haven't read the full thread. However, I'm blocking SoBig with the following entry in body_checks:
/(filename|name)=.*\.((doc|zip|exe|xls|jpg|gif|png|pdf)\.exe|bat|asd|chm|com|dll|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shs|vb|vbe|vbs|vxd|wsf|wsh)/ reject Robert On Thu, Aug 21, 2003 at 07:05:49AM -0500, [EMAIL PROTECTED] wrote: > > Yep, as the OP is using postfix, he could use the > > header_checks directive, > > which can identify MIME headers, so he can easily stop this worm. > > Just check for Content-Disposition header and block > > everything with .pif in > > filename. > > Thought about that, but doesn't quite work. The headers only say > multipart/mime. The .pif part comes later in the attachment. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs Email > Security System. For more information on a proactive email security > service working around the clock, around the globe, visit > http://www.messagelabs.com > ________________________________________________________________________ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
