> -----Original Message-----
> From: Ian C. Sison [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 26, 2001 11:15 PM
> To: [EMAIL PROTECTED]
> Subject: [plug] [ANNOUNCE] POSTFIX header/body_checks repository up
>
>
>
>
> Those of you who are in need of slamming the SMTP door on virus borne
> email the minute the headers arrive may want to check out this page.
>
> Note: header and body checks are much more efficient than AV
> scanning, as
> it conserves more bandwidth in that the entire message need not pass
> through the AV checker which consumes a lot of CPU and memory.
>
I also want to share to PLUGgers my PCRE expression for postfix. I just got
this from somewhere.
Ako na lang ang nagdagdag ng mga extensions. And aside from my body_checks,
I have
amavis-perl and sophos installed. Bury McAfee, it's slow.
/^(Content-(Type|Disposition):.*|\s*(file)?)name=("[^"]*|\S*)\.exe|com|chm|h
ta|jse|reg|shb|shs|vbe|vbs|vxd|scr|pif|bat|lnk|dll|vbs|js)\b/ REJECT
And if you (PLUGger) know of any other malicious attachment, do share the
extension.
I know, this expression is too much but we have what we call security policy
in b&w.
Onie
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
