<snip> > Hi, > This was exactly the scenario. This new worm can be embedded in a zip > file. Simple Postfix attachment filters don't reject it. </snip>
I disagree, postfix can stop those attachments, if you got a /etc/postfix/mime_header_checks.regexp and it contains this rule /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/ REJECT For security reasons we reject attachments of this type /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/ REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3" they won't come true. and change REJECT in to DROP Patrick -- "Live long and prosper, Spock." -- T'Pau "I shall do neither. I have killed my captain, and my friend." -- Spock Fingerprint = 2792 057F C445 9486 F932 3AEA D3A3 1B0C 1059 273B ICQ# 316932703 Registered Linux User #44550 http://counter.li.org
pgp00000.pgp
Description: PGP signature
