On Fri, Sep 19, 2003 at 07:42:31AM -0500, John Hasler wrote: | Why not just drop everything with a Microsoft executeable attached?
I do that too (since the end of the sobig.f wave). The next issue is
that not all bounce/reject messages include the attachment. That's
where the bayesian classification is quite effective.
I have
# All .exe files from MSVC have the same starting bytes
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA*$/
DISCARD
in /etc/postfix/body_checks.
My daily summary report indicates that 48 messages were discarded
yesterday due to this. (I was wondering what worm Kirk was referring
too! :-)).
-D
--
He who belongs to God hears what God says. The reason you do not hear
is that you do not belong to God.
John 8:47
http://dman13.dyndns.org/~dman/
pgp00000.pgp
Description: PGP signature
