On Thu, 2004-01-29 at 14:20, Orlando Andico wrote: > On Thu, 29 Jan 2004, Jimmy Lim wrote: > .. > > > # W32Doom/Novarg hack > > > /^UEsDBAoAAAAAA/ DISCARD > > > /^TVqQAAMAAAAEAAAA/ DISCARD > > > > I've tried that regexp body checks, but the /^UEsDBAoAAAAAA/ won't allow > > valid users to send zip attachment. I guess amavis-new+(any antivirus) > > Yes you are right. :) > Right now after 3 days of 40+ load average on 4 smtp servers, I'm glad for > anything that will reduce the load. > > Here's a better one (which I haven't tried yet). > > /^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/ > DISCARD VIRUS (sobig.f) > > /^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6sYBWPXV$/ > DISCARD VIRUS (W32/[EMAIL PROTECTED]) > > /AAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g/ > DISCARD VIRUS (W32/[EMAIL PROTECTED]) > > /^(UEsDBAoAAAAAA|ApIAUCZKAEAD\/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf)/ > DISCARD VIRUS (W32/[EMAIL PROTECTED])
I've tried this too, I saw this config at postfix-users at yahoogroups.com, but still no luck to attached a valid zip file (sigh), this MyDoom virus is quite good that makes sysadmins to scratch their head. br -- Jimmy B. Lim IT Operation & Support Team Leader Tricom -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
