On Tue, 02 Mar 2004 at 11:18:25 -0700, Support ePaxsys/FRWS wrote: > Maybe OT - but its a decent interim fix so people can continue sending > large(r) Zips. > > SO - not sure if this is OT or what, but if you use procmail as the > delivery agent on your system, this rule below will catch the ZIPs under > 250k in size and having 'password:' somewhere in the body. > Not perfect, not guaranteed - but its been working for us. If I knew how > large or how small these attachments were, we could obviously adjust the > size. [...]
Usually messages with various Bagles are between 20 KB and 35 KB in size. Attachments themselves (decoded) are between 15 KB and 30 KB.
-- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Thanks Thomas.
Adjusted rule for size less than 55k and another password type line.
So as not to spam the list: http://www.frws.com/jpp/bagle.rc
Enjoy...
Jerome
ePaxsys/FRWS Technical Staff ePaxsys, Inc. http://www.epaxsys.net FRWS: http://www.frws.com Live Text Support: http://www.epaxsys.net/live-help
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
