Kirk Strauser said: > That was way too simple. I've been growing the script as false negatives > trickle in, and the current results are below. By the way, I've come to > the > realization that filtering this with pattern matching is probably an > exercise in futility, but it's still fun to try (and it's blocking several > hundred mails per hour, so that's kind of worthwhile). >
Filtering spam is good :) How's this for simple, just block/filter all email with the body content matching this regexp: /^\s*(Content-(Disposition|Type))?.*(file)?name=".+\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|xl)".*/ I got the idea from: http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml I think it could be tightened up a little more, but it's better (for me) than accepting attachments of all those types. I've got Postfix rejecting these files with a message to zip them if the sender needs to get me the file. That only helps me against the obvious virus sources, not against mime-type spoofing or scripting. Nor does it help against normal spam. I have a procmail invoked Razor check going, but it has some issues. 1) It checks when the email is recieved rather than minutes/hours later like the SpamNet Outlook client. 2) It returns a single status for the whole message (the version I have installed anyway) so it filters when people use a spam reported background or footer image. Someday I'll get annoyed enough to try Spamassassin again with some of the new filters you can hookd to it. -- Jacob Trying out SquirrelMail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
