Keith Kikta - iland Internet Solutions wrote: > Anyone got a way to block this new one without having to block zip = > files?
I'm using the following body check: /^UEsDBAoAAAAAA/ REJECT This was the first line of the encoded attachement in all samples I saw. I analyzed a few valid zip files and none started w/that string. A google for that string brought up quite a few procmail and other recipes that block on it as used by viruses. Blocked 14 on that alone in about 20 min. Standard disclaimer applies. -- Chris Scott Host Orlando, Inc http://www.hostorlando.com/
