Thanks Chris,

Most Cool of you to make this.

Just temporarily I blocked inbound ZIPs yesterday to give our AV server a chance to push our latest dat around, and I got this when grepping for *.zip's:

[EMAIL PROTECTED] postfix]# grep zip /var/log/maillog.1
Jun 26 12:28:57 mailhub postfix/cleanup[17860]: 87E47982C1: reject: header Content-Type: application/x-zip-compressed;??name="your_details.zip" from omr-m03.mx.aol.com[64.12.138.3]; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<omr-m03.mx.aol.com>: Restricted File Attachment
Jun 26 15:12:11 mailhub postfix/cleanup[18282]: 1A19D982C1: reject: header Content-Type: application/x-zip-compressed;??name="your_details.zip" from omr-m04.mx.aol.com[64.12.138.5]; from=<> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<omr-m04.mx.aol.com>: Restricted File Attachment

Thanks again for the kill line

-A

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scott
Sent: Friday, June 27, 2003 8:10 AM
To: [EMAIL PROTECTED]
Subject: [IMGate] sobig header check

I put the following header check in about an hour ago (all one line):

/^Content-(Type|Disposition):.*(file)?name *= *.*your\_details\.zip(\")?$/ REJECT Email rejected, Sobig virus detected

Already blocked six sobig emails. Not sure if this is the best regexp to get them but it seems to work.

--
Chris Scott
Host Orlando, Inc.
http://www.hostorlando.com/
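An added example, not part of either message and not Postfix code: a Python check that applies the header_checks rule quoted above to constructed headers, including a folded Content-Type like the one in the maillog. It assumes Postfix matches each logical header as one string with the fold kept, case-insensitively and with dot matching newline; `SAMPLE`, `parse_rule`, `logical_headers` and `check` are hypothetical names.

```python
import re

# Rule exactly as posted in the thread (one line of a Postfix header_checks file).
RULE = r'/^Content-(Type|Disposition):.*(file)?name *= *.*your\_details\.zip(\")?$/ REJECT Email rejected, Sobig virus detected'

# Constructed sample headers; the folded Content-Type mirrors the ";??name="
# seen in the maillog, where "??" stands in for the fold characters.
SAMPLE = (
    'From: sender@example.com\n'
    'Subject: Re: your_details.zip\n'
    'Content-Type: application/x-zip-compressed;\n'
    '\tname="your_details.zip"\n'
    'Content-Disposition: attachment; filename="YOUR_DETAILS.ZIP"\n'
    'X-Note: Content-Type: name="your_details.zip"\n'
)

def parse_rule(line):
    """Split '/pattern/ ACTION text' into (compiled regex, action, text)."""
    m = re.match(r'^/(.*)/\s+(\S+)\s*(.*)$', line)
    if not m:
        raise ValueError('not a /pattern/ ACTION line')
    # Assumption: approximates the table defaults (ignore case, dot matches newline).
    regex = re.compile(m.group(1), re.IGNORECASE | re.DOTALL)
    return regex, m.group(2), m.group(3)

def logical_headers(raw):
    """Join folded continuation lines so each header is matched as one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (' ', '\t') and headers:
            headers[-1] += '\n' + line   # continuation of the previous header
        elif line:
            headers.append(line)
    return headers

def check(raw, rule_line=RULE):
    """Return [(header name, action)] for every logical header the rule hits."""
    regex, action, _text = parse_rule(rule_line)
    return [(h.split(':', 1)[0], action)
            for h in logical_headers(raw) if regex.search(h)]

if __name__ == '__main__':
    for name, action in check(SAMPLE):
        print(f'{action}: {name}')
```

The Subject and X-Note headers mention the file name but are not rejected, because the pattern is anchored to a header that begins with Content-Type or Content-Disposition.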
