-------------------
On Thursday 20 May 2004 13:30, Ilan Aisic wrote:
| First of all, you need to run a virus scanner on your server (such as
| ClamAV from http://www.clamav.net/). Also, I've noticed that the virus in
| the sample that you've shown was a VBS attachements. My logs show me that
| about 65% of all the viruses that we receive are coming in form of file
| attachements (most of them are PIF files).
|
| It's best if you can configure your email server to prohibit some type of
| file extentions altogehter (usually you don't want to accept at least the
| following file types: PIF, EXE, COM, SCR, VBS, COM, BAT). I also don't
| accept VBE, VB, JS, WSF, WSC, REG, URL and CPL.
| My MTA is Exim (http://www.exim.org/) <http://www.exim.org/> and it's
| easily done with exiscan (http://duncanthrax.net/exiscan-acl/).
By the way, that message got tagged as spam by my system! Viz:
X-Spam-Status: Yes, hits=5.7 required=4.0 tests=BAYES_20,BODY_8BITS,
FORGED_OUTLOOK_TAGS,HTML_40_50,HTML_FONTCOLOR_BLUE,HTML_MESSAGE,
HTML_NO_HTML_TAG,HTML_NO_HTML_TAG_2B,HTML_TAG_BALANCE_BODY,
MK_BAD_HTML_04 autolearn=no version=2.63
Otherwise, I'm currently getting no false positives, so I'll regard this one
as amusingly ironic. Fortunately, in Kmail I filter for list messages before
spam messages so I still got to read it... :-)
