On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote: > Hi, Mike Hommey wrote: > > helps catching 95%... But the bandwidth is still used... I'm still > > looking for a pure MTA solution... > > A pure MTA solution would still need to scan the body and thus would still > eat your bandwidth.
i have postfix's body_checks setup to reject lines that match the following regular expression (this is the first line of the base64 encoded virus): /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/ i'm not sure when postfix closes the connection, whether its after recieving a matching line, or after the client is done sending data. if the former though, this would be a good "pure" mta solution that doesn't conserve too much bandwidth. as to effectiveness, i've blocked 664 messages since saturday afternoon. i still get some swen messages through, but they have had the virus stripped already, so the message is considerably smaller. -- gram
signature.asc
Description: Digital signature
