--On Thursday, March 18, 2004 4:54 PM +0100 Andrzej Marecki <[EMAIL PROTECTED]> wrote:
Unlike most email viruses, Bagle-Q and Bagle-R worms do not carry email attachments. It's not clear to me whether they get caught on Un*x based mailservers running MIMEDefang + Sophie. Any clues?
So far, you can catch Bagle pretty good by the From: line (not the $Sender, unfortunately, but the header From:). Those of us who open HEADERS anyway can grab the From: address and see if it has
/(staff|management|support|administration|noreply|antispam|antivirus)/
followed by @ and your own domain and tld, e.g. [EMAIL PROTECTED] for our site.
It won't last. But right now it's a quick way to toss them without opening the body at all.
Of course this assumes that you don't send real mail with those addresses in the From: header line.
In general, you might want to disable OBJECT and SCRIPT html tags. I posted code to do this recently. You have to open html parts and rewrite them when they have the tags.
Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
