On Tue, 06 Jan 2004 22:14:47 -0500 Nicholas Hockey <[EMAIL PROTECTED]> wrote:
Does anybody else on this mailing list get slammed by the "Microsoft
Update" virus going around? I'm trying to figure out why I get nailed by
it all the time, and I apologize for the apparent list spam. (I
believe the virus is called Swen or Gibe.)
Hrm, never seen it. OH, that one with the fake "Windows patch?"
Here's how to kill it 99% of the time:
/name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/ REJECT Potentially dangerous file attachment. Please do not include any executable attachments in your email.
Add to "header_checks" in /etc/postfix
Run "postmap /etc/postfix/header_checks"
Add "header_checks = regexp:/etc/postfix/header_checks" to /etc/postfix/main.cf
You would be absolutely amazed at the amount of internet cruft that header_checks file keeps out. :) Even if you do see the email slip through, it won't have the virus payload.
SpamAssassin usually tags the virus email anyway.
Take a look at http://www.securitysage.com for more information. Note that this is for Postfix; if you're using qmail or sendmail, it'll be different. :D
-Jonathan
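
The header_checks rule from the message above can be tried against sample MIME headers before it goes live. This is an added example, not part of the original message: Python's re module stands in for Postfix's regexp table, the header lines are constructed, and the ANCHORED pattern is a hypothetical tightening that the poster did not propose.

```python
import re

# Extension list copied verbatim from the header_checks rule in the message.
EXTENSIONS = (
    "ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|"
    "lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|"
    "reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh"
)

# The posted rule. Postfix regexp: tables ignore case by default, which
# re.IGNORECASE approximates (assumption: Python's re stands in for Postfix).
POSTED = re.compile(r"name=[^>]*\.(" + EXTENSIONS + ")", re.IGNORECASE)

# Hypothetical tighter variant, not from the message: the extension must end
# the file name (closing quote, ';', whitespace or end of header).
ANCHORED = re.compile(
    r'name="?[^">]*\.(' + EXTENSIONS + r')("|;|\s|$)', re.IGNORECASE
)

# Constructed header lines: (header, is the attachment really executable?)
SAMPLES = [
    ('Content-Type: application/octet-stream; name="patch.exe"', True),
    ('Content-Disposition: attachment; filename="INSTALL.PIF"', True),
    ('Content-Type: application/octet-stream; name=update.scr', True),
    ('Content-Type: text/plain; name="notes.txt"', False),
    ('Content-Type: application/pdf; name="www.example.com-news.pdf"', False),
    ('Content-Type: application/json; name="config.json"', False),
]


def verdict(header, pattern):
    """Return 'REJECT' when the pattern matches the header, else 'PASS'."""
    return "REJECT" if pattern.search(header) else "PASS"


def false_positives(pattern):
    """Benign sample headers that the pattern would still reject."""
    return [h for h, bad in SAMPLES if not bad and verdict(h, pattern) == "REJECT"]


def missed(pattern):
    """Executable sample headers that the pattern lets through."""
    return [h for h, bad in SAMPLES if bad and verdict(h, pattern) == "PASS"]


if __name__ == "__main__":
    for header, _ in SAMPLES:
        print(verdict(header, POSTED), verdict(header, ANCHORED), header)
```

On the mail server itself, `postmap -q 'Content-Type: application/octet-stream; name="patch.exe"' regexp:/etc/postfix/header_checks` runs the same kind of query against the real table.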
