On Mon, Sep 22, 2003 at 11:56:04AM -0700, Ted Roby wrote: > The single part MIME filter doesn't seem to catch it though. What are > others on this list using or doing to blatently block this stuff? There > is no valid .exe I could receive, ever.
I use postfix and this in my body_checks map (really long line coming up): /^b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv/i REJECT Appears to be infected with Swen (http://www.f-secure.com/v-descs/swen.shtml) This matches in the base64 of the exe file for this worm. Don't know if exim has the ability to make decisions based on body contents or not... Only thing that's made it through so far is a couple of copies where the infected exe had been stripped on the way through, leaving the message annoying but without bite. Note that postfix users will probably need to up the depth into the body postfix will search for this to work properly. Bob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
