Re: [Qmail-scanner-general]Password Protected Attachments

[Ted Fines]

Here are the Bagle-related entries in my 
/var/spool/qmailscan/quarantine-attachments.txt.  They, in addition to 
rejecting all executable content with Russ Nelson's qmail-smtpd-viruscan 
patch, and rejecting all .pif files (with other lines in 
quarantine-attachments.txt), have been very effective for us.  Remember 
these are all tab delimited.

Ted

# All Bagle related
management@|[EMAIL PROTECTED]|[EMAIL PROTECTED] 
Virus-MAILFROM:Bagle-H/I
E-mail account disabling warning        Virus-Subject:  Bagle-H/I
E-mail account security warning.        Virus-Subject:  Bagle-H/I
Email account utilization warning.      Virus-Subject:  Bagle-H/I
Important notify about your e-mail account.     Virus-Subject:  Bagle-H/I
Notify about using the e-mail account.  Virus-Subject:  Bagle-H/I
Notify about your e-mail account utilization.   Virus-Subject:  Bagle-H/I
Warning about your e-mail account.      Virus-Subject:  Bagle-H/I
Weah, hello! :-\)       Virus-Subject:  Bagle-H/I
Weeeeee! ;\)\)\)        Virus-Subject:  Bagle-H/I
Hi! :-\)        Virus-Subject:  Bagle-H/I
ello! =\)\)     Virus-Subject:  Bagle-H/I
Hey, ya! =\)\)  Virus-Subject:  Bagle-H/I
\^_\^ meay-meay!        Virus-Subject:  Bagle-H/I
\^_\^ meay-meay!        Virus-Subject:  Bagle-H/I
\^_\^ mew-mew \(-:      Virus-Subject:  Bagle-H/I
Hokki =\)       Virus-Subject:  Bagle-H/I
Attach.zip      0       Bagle-H/I
AttachedDocument.zip    0       Bagle-H/I
AttachedFile.zip        0       Bagle-H/I
Document.zip    0       Bagle-H/I
Info.zip        0       Bagle-H/I
Information.zip 0       Bagle-H/I
Letter.zip      0       Bagle-H/I
Msg.zip 0       Bagle-H/I
MsgInfo.zip     0       Bagle-H/I
Message.zip     0       Bagle-H/I
MoreInfo.zip    0       Bagle-H/I
Readme.zip      0       Bagle-H/I
Text.zip        0       Bagle-H/I
TextDocument.zip        0       Bagle-H/I
TextFile.zip    0       Bagle-H/I
# End all Bagle related



--On Wednesday, March 03, 2004 12:00 PM -0500 Ein Bielaczyc 
<[EMAIL PROTECTED]> wrote:

I have lots of nice warm bagles over here...

Forgive me, I have searched through the list's archives but I didn't
find a definitive answer to this riddle. How can I block password
protected attachments, i.e. ZIPs, RARs, etc.?
I am using ClamScan with Qmail-Scanner and so far have had very
favorable results, with this one exception. I really like that my users
are compressing and requesting things be compressed before they are
sent. But having the Worm.Bagle stuck inside a ZIP I can't truly scan
poses a serious problem.
Ein Bielaczyc
Network Administrator
Walled Lake Consolidated Schools






-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general