Hello Noah,

Could the same approach be used with sendmail? Any examples?

NLM> On Tue, Aug 19, 2003 at 10:56:29PM +0200, Kjetil Kjernsmo wrote:
NLM> >>
NLM> >> So, I'm wondering, does anybody know about any such approach?

NLM> After getting sick of all the virus crap in my inbox I installed the
NLM> following in /etc/exim/system_filter.txt:

NLM> ## -----------------------------------------------------------------------
NLM> # Attempt to catch embedded VBS attachments
NLM> # in emails. These were used as the basis for
NLM> # the ILOVEYOU virus and its variants - many many variants
NLM> # Quoted filename - [body_quoted_fn_match]
NLM> if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
NLM> then
NLM> fail text "This message has been rejected because it has\n\
NLM> a potentially executable attachment $1\n\
NLM> This form of attachment has been used by\n\
NLM> recent viruses or other malware.\n\
NLM> If you meant to send this file then please\n\
NLM> package it up as a zip file and resend it."
NLM> seen finish
NLM> endif
NLM> # same again using unquoted filename [body_unquoted_fn_match]
NLM> if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
NLM> then
NLM> fail text "This message has been rejected because it has\n\
NLM> a potentially executable attachment $1\n\
NLM> This form of attachment has been used by\n\
NLM> recent viruses or other malware.\n\
NLM> If you meant to send this file then please\n\
NLM> package it up as a zip file and resend it."
NLM> seen finish
NLM> endif
NLM> ## -----------------------------------------------------------------------

NLM> And put

NLM> message_filter = /etc/exim/system_filter.txt

NLM> in /etc/exim/exim.conf

NLM> It seems to be working. I've seen a couple of rejections get logged in
NLM> /var/log/exim/mainlog since I installed it an hour ago. Why these
NLM> rejections don't go to /var/log/exim/rejectlog I don't know, but the
NLM> point is that the junk is not cluttering my mailbox.

NLM> noah

Best regards,
Игорь Ляпин
Международный Банк Развития
+7 095 7300850
+7 095 7300851 (fax)
Игорь mailto:[EMAIL PROTECTED]
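
Added example, not part of either message: a Python port of the two quoted Exim patterns, for checking which sample bodies the filter would reject before relying on it. The helper names (`exim_body_view`, `rejected_attachment`) and the sample bodies are constructed for illustration, and the filter's atomic groups are written as plain `\s*` / `\s+`.

```python
import re

# Extension list copied from the filter quoted above.
EXT = (r"(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?"
       r"|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")

# Prefix: a MIME Content-Type / Content-Disposition name= parameter, or a
# uuencode "begin <mode> " line. The atomic groups (?>\s*) are plain \s* here:
# what follows them never starts with whitespace, so the matches are the same
# and the pattern also compiles on Python older than 3.11.
PREFIX = (r"(?:Content-(?:Type:\s*[\w-]+/[\w-]+|Disposition:\s*attachment)"
          r";\s*(?:file)?name=|begin\s+[0-7]{3,4}\s+)")

# Lower-case "matches" in an Exim filter ignores case, hence re.IGNORECASE.
QUOTED = re.compile(PREFIX + r'("[^"]+\.' + EXT + r'")[\s;]', re.IGNORECASE)
UNQUOTED = re.compile(PREFIX + r"(\S+\." + EXT + r")[\s;]", re.IGNORECASE)


def exim_body_view(body: str) -> str:
    """Approximate $message_body: by default Exim turns newlines into spaces."""
    return body.replace("\r", " ").replace("\n", " ")


def rejected_attachment(body: str):
    """Return the filename the filter would report as $1, or None if it passes."""
    view = exim_body_view(body)
    for rule in (QUOTED, UNQUOTED):  # same order as in the filter file
        match = rule.search(view)
        if match:
            return match.group(1)
    return None


# Constructed sample bodies (not taken from real mail).
SAMPLES = {
    "quoted_vbs": '--b1\nContent-Type: application/octet-stream; '
                  'name="LOVE-LETTER.TXT.vbs"\nContent-Transfer-Encoding: base64\n\n',
    "unquoted_pif": "--b1\nContent-Disposition: attachment; filename=Invoice.PIF\n\n",
    "uuencode_exe": "See attached.\n\nbegin 644 setup.exe\nM35J0\nend\n",
    "zip": '--b1\nContent-Disposition: attachment; filename="report.zip"\n\n',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:14} -> {rejected_attachment(body)}")
```
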