On Wednesday 07 Jan 2004 15:15, Jonathan Nichols wrote:
> Dennis Freise wrote:
> > On Tue, 06 Jan 2004 22:14:47 -0500
> >
> > Nicholas Hockey <[EMAIL PROTECTED]> wrote:
> >> Does anybody else on this mailing list get slammed by the
> >> "Microsoft Update" virus going around? I'm trying to figure out
> >> why I get nailed by it all the time, and I apologize for the
> >> apparent list spam. (I believe the virus is called swen or gibe.)
>
> Hrm, never seen it. OH, that one with the fake "Windows patch?"
>
> Here's how to kill it 99% of the time:
>
> /name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/ REJECT Potentially dangerous file attachment. Please do not include any executable attachments in your email.
>
> Add to "header_checks" in /etc/postfix
>
> Run "postmap /etc/postfix/header_checks"

You don't have to postmap the checks files. They are regexp and/or pcre, and don't need to be in db format. If you do run `postmap /etc/postfix/header_checks` you'll see warnings. I received the above advice from Jeffrey Posluns <[EMAIL PROTECTED]> when I emailed him about the warnings.

> Add "header_checks = regexp:/etc/postfix/header_checks" to
> /etc/postfix/main.cf
>
> You would be absolutely amazed at the amount of internet cruft that
> header_checks file keeps out. :) Even if you do see the email slip
> through, it won't have the virus payload.
>
> SpamAssassin usually tags the virus email anyway.
>
> Take a look at http://www.securitysage.com for more information. Note
> that this is for Postfix, if you're using qmail or sendmail, it'll be
> different. :D

Peter

-- 
======================================================================
Gentoo Linux: Portage 2.0.49-r20 (default-x86-1.4, gcc-3.2.3,
glibc-2.3.2-r3, 2.6.1-gentoo-w4l) i686 AMD Athlon(tm) XP 3200+
======================================================================
-- 
[EMAIL PROTECTED] mailing list
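An added example, not part of the original thread: a Python harness that runs the quoted header_checks pattern over constructed MIME header lines to show what it rejects, including benign filenames it catches because the extension is not anchored. Python's `re` stands in for Postfix's regexp engine; the sample headers and `ANCHORED_RULE` are assumptions for illustration, not something the posters proposed.

```python
import re

# Extension list copied from the header_checks rule quoted in the thread.
EXTS = ("ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|"
        "isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|"
        "prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|"
        "wsf|wsh")

# Postfix regexp: tables match case-insensitively by default, hence re.I.
QUOTED_RULE = re.compile(r"name=[^>]*\.(" + EXTS + r")", re.I)

# Assumption (not from the thread): additionally require the extension to end
# the parameter value, so ".com" inside ".company" no longer counts.
ANCHORED_RULE = re.compile(r"name=[^>]*\.(" + EXTS + r')"?\s*(;|$)', re.I)

# Constructed sample headers: (logical header line, really an executable?)
SAMPLES = [
    ('Content-Type: application/octet-stream; name="patch.exe"', True),
    # "filename=" contains "name=", so Content-Disposition is covered too.
    ('Content-Disposition: attachment; filename="Q591362.EXE"', True),
    ('Content-Type: application/pdf; name="invoice.pdf"', False),
    ('Content-Type: text/plain; name="readme.txt"', False),
    # Benign names whose extension merely starts with a listed one.
    ('Content-Type: text/plain; name="team.company-notes.txt"', False),
    ('Content-Type: application/json; name="data.json"', False),
]


def rejected(rule, header):
    """True if the rule would fire (REJECT) on this logical header line."""
    return rule.search(header) is not None


def false_positives(rule):
    """Benign sample headers the rule would reject."""
    return [h for h, is_exec in SAMPLES if rejected(rule, h) and not is_exec]


def missed(rule):
    """Executable sample headers the rule would let through."""
    return [h for h, is_exec in SAMPLES if is_exec and not rejected(rule, h)]


if __name__ == "__main__":
    for label, rule in (("quoted", QUOTED_RULE), ("anchored", ANCHORED_RULE)):
        print(label, "false positives:", false_positives(rule))
        print(label, "missed:", missed(rule))
```

On a real Postfix host, `postmap -q "<header line>" regexp:/etc/postfix/header_checks` runs the same kind of query against the actual table.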
