----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 26, 2002 11:05 PM Subject: [plug] block klez worm
> > hi people! > > is there any available script here that will block mails containing klez > worm and its variant. im using postfix. This is what I used in header_checks: /^(Content-Disposition: attachment;.*| Content-Type:.*|\s+)(file)?name="?.*(\.|=2E)(eml|exe|com|chm|hta|jse|reg|sh| shb|shs|vbe|vbs|vxd|scr|pif|bat|lnk|dll|js|asd|wsf|mp*|dot)"?$/ REJECT If mail is uunecoded, you can use this rule as well /^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA/ REJECT /^M35[GHIJK].`..`..*````/ REJECT These are pcre rules btw. Onie _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
