I received multiple virus mails today (many of microsoft ;) ) I'm not sure they were coming from this list as it is a general mailbox...
Jan ----- Original Message ----- From: "Peter Ruskin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 13, 2004 7:20 PM Subject: Re: [gentoo-user] Virus's > On Wednesday 07 Jan 2004 15:15, Jonathan Nichols wrote: > > Dennis Freise wrote: > > > On Tue, 06 Jan 2004 22:14:47 -0500 > > > > > > Nicholas Hockey <[EMAIL PROTECTED]> wrote: > > >>does anybody else on this mailing list get slammed by the > > >> "Microsoft Update" virus going around, i'm trying to figure out > > >> why i get nailed by it all the time, and i apologize for the > > >> apparent list spam. ( i believe the virus is called swen or gibe > > >> ) > > > > Hrm, never seen it. OH, that one with the fake "Windows patch?" > > > > Here's how to kill it 99% of the time: > > > > /name=[^>]*\.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp > >|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|op > >s|p > > cd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd| > >wab|wsc|wsf|wsh)/ REJECT Potentially dangerous file attachment. Please > > do > > not include any executable attachments in your email. > > > > Add to "header_checks" in /etc/postfix > > > > Run "postmap /etc/postfix/header_checks" > > You don't have to postmap the checks files.. They are regexp and/or > pcre, and don't need to be in db format. > > If you do run `postmap /etc/postfix/header_checks` you'll see warnings. > > I received the above advice from Jeffrey Posluns <[EMAIL PROTECTED]> when > I emailed him about the warnings. > > > > Add "header_checks = regexp:/etc/postfix/header_checks" to > > /etc/postfix/main.cf > > > > You would be absolutely amazed at the amount of internet cruft that > > header_checks file keeps out. :) Even if you do see the email slip > > through, it won't have the virus payload. > > SpamAssassin usually tags the virus email anyway. > > > > Take a look at http://www.securitysage.com for more information. Note > > that this is for Postfix, if you're using qmail or sendmail, it'll be > > different. :D > > > Peter > -- > ====================================================================== > Gentoo Linux: Portage 2.0.49-r20 (default-x86-1.4, gcc-3.2.3, > glibc-2.3.2-r3, 2.6.1-gentoo-w4l) i686 AMD Athlon(tm) XP 3200+ > ====================================================================== > > > -- > [EMAIL PROTECTED] mailing list > -- [EMAIL PROTECTED] mailing list
