Hello list,
I just subscribed to submit something which I consider to be usefull.
Based on the link at: http://std.dkuug.dk/keld/virus/header_checks
I created a quarantine-attachments.txt file, attached to this message, which implements the respective filters for bogus antivirus spam.
We all know what AV spam is, a good article which many have already read is at:
http://www.attrition.org/security/rant/av-spammers.html
The file has been tested, but please consider it Beta quality and if you find it usefull please improve it and let me know of any bugs/modifications.
A world without spam is better.
PS: the file contains some nice extension-based blocking rules.
Yours Sincerely, -- Alin-Adrian Anton Spintech Systems GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E) gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
# # Based on http://std.dkuug.dk/keld/virus/header_checks # by Anton Alin-Adrian (aanton [/at] spintech.ro) # # # Sample of well-known viruses that perlscan_scanner can use # # This is case-insensitive, and TAB-delimited. # # ****** # REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after # this file is modified # ****** # # Format: three columns # # filename<TAB>size (in bytes)<TAB>Description of virus/whatever # # OR: # # string<TAB>Header<TAB>Description of virus/whatever # # [this one allows you to match on (e.g.) Subject line. # # NOTE 1: This is the crudest "virus scanning" you can do - we are # arbitrarily deciding that particular filenames of certain sizes contain # viruses - when they may not. However this can be useful for the times # when a new virus is discovered and your scanner cannot detect it (yet). # # NOTE 2: This is only good for picking up stand-alone viruses like the # following. Macro viruses are impossible to detect with this method as # they infect users docs. # # NOTE 3: Wildcards are supported. This system can also be used to deny # Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other # wildcard type is supported. Be very careful with this feature. With # wildcards, the size field is ignored (i.e. any size matches). # # .exe 0 Executable attachment too large # # That would ban .EXE files from your site (but would # still allow .zip files... # # .mp3 0 MP3 attachments disallowed # # ...would stop any Email containing MP3 attachments passing. # # NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over # a certain size - you should # "echo 10000000 > /var/qmail/control/databytes" # to set the maximum SMTP message size to 10Mb. # # NOTE 5: The second option allows you to match on header. This would allow # you to block Email viruses when you don't know anything else other than # there's a wierd Subject line (or From line, or X-Spanska: header, ...). # Note that it's a case-sensitive, REGEX string, and the system will # automatically surround it with ^ and $ before matching. i.e. if you # want wildcards, explicitly put them in... # # The string _must_be_ "Virus-" followed by the header you wish to match # on - followed by a colon (:). # # e.g. # # Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus # # will match "Subject: Pickles for Breakfast" - and # not "Subject: Pickles - where did you go?" # # # NOTE 6: Similar to the headers option, you can match on the mail ENVELOPE # headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to # Virus-<header>, except that the header names are MAILFROM and RCPTTO only. # # e.g. # # [EMAIL PROTECTED] Virus-MAILFROM: Bad mail envelope not allowed here! # # NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to match # actions against the IP address of the SMTP client. #
EICAR.COM 69 EICAR Test Virus
Happy99.exe 10000 Happy99 Trojan
zipped_files.exe 120495 W32/ExploreZip.worm.pak virus
ILOVEME Virus-Subject: Love Letter Virus/Trojan
# added by Anton Alin-Adrian to kill bogus antivirus spam messages
.*virus alert.* Virus-Subject: bogus antivirus
.*Virus infection notice.* Virus-Subject: bogus antivirus
.*Incidencia de virus.* Virus-Subject: bogus antivirus
.*Virus - Sujet :.* Virus-Subject: bogus antivirus
.*Virus funnet i sendt melding ".* Virus-Subject: bogus antivirus
.*A virus was detected.* Virus-Subject: bogus antivirus
.*virus found in received message.* Virus-Subject: bogus antivirus
.*Virus in mail from you.* Virus-Subject: bogus antivirus
.*Alerta: Suspeita de virus no E-mail.* Virus-Subject: bogus antivirus
.*Virus found.* Virus-Subject: bogus antivirus
.*Virus gefunden.* Virus-Subject: bogus antivirus
.*Notice: Your mail has been blocked due to a violation.* Virus-Subject: bogus
antivirus
.*Symantec AV.*detected a virus in a document you authored.* Virus-Subject: bogus
antivirus
.*Symantec AntiVirus.*Filtering for Domino detected a virus in a document you.*
Virus-Subject: bogus antivirus
.*Skynet Mail Protection scan results.* Virus-Subject: bogus antivirus
.*Aviso: Detectado v.*rus de e-mail.* Virus-Subject: bogus antivirus
.*NOTIFICATION: Virus stopped.* Virus-Subject: bogus antivirus
.*Virusfertozesi ertesites.* Virus-Subject: bogus antivirus
.*WARNING: YOU MAY HAVE A VIRUS.* Virus-Subject: bogus antivirus
.*Virus found in message.* Virus-Subject: bogus antivirus
.*Unsolicited commercial email rejected.* Virus-Subject: bogus antivirus
.*Invalid content in mail message (message rejected).* Virus-Subject: bogus antivirus
.*virus trovato in un messaggio inviato.* Virus-Subject: bogus antivirus
.*WIRUS w Twoim mailu !.* Virus-Subject: bogus antivirus
.*VIRUS EN SU CORREO.* Virus-Subject: bogus antivirus
.*VIRUS IN YOUR MAIL TO .* Virus-Subject: bogus antivirus
.*To Sender virus found and action taken.* Virus-Subject: bogus antivirus
.*Message Stopped ---- Virus Detected ----.* Virus-Subject: bogus antivirus
.*Wichtiger Hinweis: Virus entdeckt.* Virus-Subject: bogus antivirus
.*File was infected with a virus.* Virus-Subject: bogus antivirus
.*Devolto polo filtro antivirus por: warning.* Virus-Subject: bogus antivirus
.*Your email message was blocked because: Block email in with Dangerous file
Attachments.* Virus-Subject: bogus antivirus
.*Aviso: Detectado v.*rus no e-mail.* Virus-Subject: bogus antivirus
.*\! PELIGRO \! - Virus encontrado en el correo .* Virus-Subject: bogus antivirus
.*Suspicious Attachment.* Virus-Subject: bogus antivirus
.*tipo de arquivo anexo proibido encontrado em mensagem enviada.* Virus-Subject:
bogus antivirus
.*In einer E-Mail wurde ein Virus gefunden .* Virus-Subject: bogus antivirus
.*problem funni.*sendum bo.*um..* Virus-Subject: bogus antivirus
.*VIRUS.*PROBLEM IN IHRER MAIL.* Virus-Subject: bogus antivirus
.*Tipo de arquivo anexo nao permitido! encontrado em mensagem enviad.* Virus-Subject:
bogus antivirus
.*returned due to virus or too large or too many attachment.* Virus-Subject: bogus
antivirus
.*VIRUS NO SEU E-MAIL PARA.* Virus-Subject: bogus antivirus
.*Znaleziono wirusa w Twojej wiadomosci.* Virus-Subject: bogus antivirus
.*Returned due to virus\:.* Virus-Subject: bogus antivirus
.*RAV AntiVirus scan results.* Virus-Subject: bogus antivirus
.*ALANET ANTIVIRUS ALERTA - VIRUS EM SEU EMAIL.* Virus-Subject: bogus antivirus
.*Virus v dokumente Vami odoslanom.* Virus-Subject: bogus antivirus
.*virus in verschickter Nachricht gefunden.* Virus-Subject: bogus antivirus
.*ALERTE - Vous avez envoye un mail avec virus.* Virus-Subject: bogus antivirus
.*ENCONTRADO VIRUS EM SEU EMAIL.* Virus-Subject: bogus antivirus
.*Virus v dokumente Vami odoslanom.* Virus-Subject: bogus antivirus
.*Norton AntiVirus detected a virus in a message you sent.* Virus-Subject: bogus
antivirus
.*Email-ul Dvs contine un Virus \!.* Virus-Subject: bogus antivirus
.*Proxy.* notification.*Virus found in a message.* Virus-Subject: bogus antivirus
.*Vexira Antivirus.*your mail\:.* Virus-Subject: bogus antivirus
.*Virus Detectad.* Virus-Subject: bogus antivirus
.*Non remis \:.* Virus-Subject: bogus antivirus
.*VIRUS RE\:.* Virus-Subject: bogus antivirus
.*ON VIRUST KULDOTT\!.* Virus-Subject: bogus antivirus
.*VIRUS EM EMAIL PARA VOCE.* Virus-Subject: bogus antivirus
.*virus encontrado na mensagem enviada.* Virus-Subject: bogus antivirus
.*Ochrona antywirusowa.* Virus-Subject: bogus antivirus
.*Returned mail\: Possible Virus Infection.* Virus-Subject: bogus antivirus
.*Virus incident.* Virus-Subject: bogus antivirus
.*Virus figyelmeztetes.* Virus-Subject: bogus antivirus
.*Undeliverable\: An email for you contains VIRUSES.* Virus-Subject: bogus antivirus
.*Ecartis command results\: -- Binary.*unsupported file stripped by Ecartis --.*
Virus-Subject: bogus antivirus
.*Advarsel.*Din e-mail indeholder virus.* Virus-Subject: bogus antivirus
.*An email for you contains VIRUSES.* Virus-Subject: bogus antivirus
.*Your mail server sent us a virus.* Virus-Subject: bogus antivirus
.*Illegal attachment type found in sent message.* Virus-Subject: bogus antivirus
.*Nie dostarczono poczty e-mail.* Virus-Subject: bogus antivirus
.*Virus Infection Alert\!.* Virus-Subject: bogus antivirus
.*InterScan NT Alert.* Virus-Subject: bogus antivirus
.*SENDER\! Virus found in message from you\!.* Virus-Subject: bogus antivirus
.*Returned mail: Executable attachment blocked.* Virus-Subject: bogus antivirus
.*BANNED FILENAME IN MAIL TO YOU.* Virus-Subject: bogus antivirus
.*Message Delivery Failure - due to attachments.* Virus-Subject: bogus antivirus
.*WARNING\! Virus detected.* Virus-Subject: bogus antivirus
.*Virusveszely\! Virus warning\!.* Virus-Subject: bogus antivirus
.*Virus Detected by Network Associates, Inc. Webshield SMTP.* Virus-Subject: bogus
antivirus
.*VIRUS NO SEU EMAIL \!\!\!.* Virus-Subject: bogus antivirus
.*Warning Possible Virus Alert \!\!\!.* Virus-Subject: bogus antivirus
.*WARNING\: The message contains a virus\!.* Virus-Subject: bogus antivirus
.*Norton AntiVirus detected and quarantined a virus in a message yo.* Virus-Subject:
bogus antivirus
.*Possible Virus Found in E-Mail.* Virus-Subject: bogus antivirus
.*Aviso de correo.universia.net - Virus encontrado.* Virus-Subject: bogus antivirus
.*Trovato virus nel messaggio.* Virus-Subject: bogus antivirus
.*W Twojej wiadomosci znaleziono wirusa!.* Virus-Subject: bogus antivirus
.*Returned due to virus; was\:.* Virus-Subject: bogus antivirus
.*\{Virus\!\}.* Virus-Subject: bogus antivirus
.*\{Virus?\}.* Virus-Subject: bogus antivirus
.*Znaleziono wirusa w Twojej wiadomosci.* Virus-Subject: bogus antivirus
.*ALERT\: A virus was found on an e-mail sent by you.* Virus-Subject: bogus antivirus
.*WIRUS W TWOJEJ POCZCIE.* Virus-Subject: bogus antivirus
.*"Returned due to virus; was\:".* Virus-Subject: bogus antivirus
.*NAV detected a virus in a document you authored.* Virus-Subject: bogus antivirus
.*Anti-Virus detected a violation in a document you authored.* Virus-Subject: bogus
antivirus
.*-Danger \: Virus Trouv.* Virus-Subject: bogus antivirus
.*Virus found in your message Mail Transaction Failed.* Virus-Subject: bogus antivirus
.*Returned mail: Unacceptable content.* Virus-Subject: bogus antivirus
.*Filter scan result notification from gateway.* Virus-Subject: bogus antivirus
.*SENDER \! Virus found in message from you !.* Virus-Subject: bogus antivirus
.*Warning: message cannot be accepted, message rejected.* Virus-Subject: bogus
antivirus
.*VIRUS in your message.* Virus-Subject: bogus antivirus
.*Binnenkomend virus gedetecteerd.* Virus-Subject: bogus antivirus
.*Binnenkomend bestandstype niet toegestaan.* Virus-Subject: bogus antivirus
.*Znaleziono WIRUSa w liscie od Ciebie !.* Virus-Subject: bogus antivirus
.*Mail refused because of attachment.* Virus-Subject: bogus antivirus
.*ATTENZIONE: Ricevuto VIRUS da.* Virus-Subject: bogus antivirus
.*VIRUS NO SEU MAIL PARA.* Virus-Subject: bogus antivirus
.*Upozornenie: E-mail virus zisteny.* Virus-Subject: bogus antivirus
.*You sent an email that had a virus in it.* Virus-Subject: bogus antivirus
.*VIRUS ENCONTRADO EN SU CORREO.* Virus-Subject: bogus antivirus
.*AVISO DE VIRUS.* Virus-Subject: bogus antivirus
.*VIRUS WARNING.* Virus-Subject: bogus antivirus
.*Virus detected in: MAIL TRANSACTION FAILED.* Virus-Subject: bogus antivirus
.*Sender Note - Inbound Virus Quarantined.* Virus-Subject: bogus antivirus
.*!!! Achtung Virus !!!.* Virus-Subject: bogus antivirus
.*Quarantined Mail: attachment from.* Virus-Subject: bogus antivirus
.*Attachment Blocking.* Virus-Subject: bogus antivirus
.*Attachment block message notification.* Virus-Subject: bogus antivirus
.*Your message was discarded.* Virus-Subject: bogus antivirus
.*virus znaleziono w wyslanej wiadomosci.* Virus-Subject: bogus antivirus
.*Virus d.*tect.* dans le message.* Virus-Subject: bogus antivirus
.*In het door u gestuurde bericht is een virus aangetroffen!!.* Virus-Subject: bogus
antivirus
.*Unallowed attachment in e-mail to.* Virus-Subject: bogus antivirus
.*Atenci.*n: Virus detectado en e-mail.* Virus-Subject: bogus antivirus
.*ALERT: You may have sent a Virus.* Virus-Subject: bogus antivirus
.*Serveur de messagerie - Virus d.*tect.* Virus-Subject: bogus antivirus
.*VIRUS POSLAN SA VASE ADRESE.* Virus-Subject: bogus antivirus
.*VIRUS SENT FROM YOUR ADDRESS.* Virus-Subject: bogus antivirus
.*WARNING-Virus Detected.* Virus-Subject: bogus antivirus
.*Non delivery report: 5.9.5 (Blocked attachment).* Virus-Subject: bogus antivirus
.*Virenchecker Information.* Virus-Subject: bogus antivirus
.*Warning: A possible virus has been detected in one of your messages.* Virus-Subject:
bogus antivirus
.*MailMarshal a detectado un Virus en su mensaje.* Virus-Subject: bogus antivirus
.*You sent potentially unsafe content:.* Virus-Subject: bogus antivirus
.*Security Alert - ScanMail for Lotus Notes.* Virus-Subject: bogus antivirus
.*SAV detected a violation in a document you authored.* Virus-Subject: bogus antivirus
.*VIRUSDELETED;.* Virus-X-Mirapoint-Virus: bogus antivirus
.*smtp;552 we don't accept email with executable content.* Virus-Diagnostic-code:
bogus antivirus
.*Magic OnLine.* Suppression du Virus:.* Virus-Subject: bogus antivirus
.*Tipo de archivo adjunto no permitido encontrado en el mensaje enviado.*
Virus-Subject: bogus antivirus
.*W wiadomosci wyslanej przez Ciebie wykryto WIRUSA.* Virus-Subject: bogus antivirus
.*Symantec Mail Security detected a repairable.* Virus-Subject: bogus antivirus
.*Symantec Mail Security detected that you sent a message containing an executable
file.* Virus-Subject: bogus antivirus
.*Symantec AVF detected an unrepairable virus in a message you sent.* Virus-Subject:
bogus antivirus
.*Symantec Mail Security detected .* unrepairable virus.* in a message you sent.*
Virus-Subject: bogus antivirus
.*Symantec AVF detected a .* virus in a message you sent.* Virus-Subject: bogus
antivirus
.*Virus Found in message.* Virus-Subject: bogus antivirus
.*Warning - Virus detected in email.* Virus-Subject: bogus antivirus
.*virus found in sent message.* Virus-Subject: bogus antivirus
.*Virus Quarantine Notification.* Virus-Subject: bogus antivirus
.*MIMEDefang Notification.* Virus-Subject: bogus antivirus
.*SAV ha rilevato un virus in un documento spedito da.* Virus-Subject: bogus antivirus
.*Virus or Forbidden File Type Warning.* Virus-Subject: bogus antivirus
.*MailMarshal has detected a Virus in your message.* Virus-Subject: bogus antivirus
.*\[Virus detected\].* Virus-Subject: bogus antivirus
.*InterScan MSS has deleted a message.* Virus-Subject: bogus antivirus
.*\[ Alerte Virus \] Vous avez envoy.* un virus !.* Virus-Subject: bogus antivirus
.*You sent an e-mail with a virus, vet couldn't remove the virus.* Virus-Subject:
bogus antivirus
.*your e-mail was infected by a virus.* Virus-Subject: bogus antivirus
.*BitDefender found an infected object.* Virus-Subject: bogus antivirus
.*Illegal attachment type trouve dans le message envoye.* Virus-Subject: bogus
antivirus
.*Inflex scan report.* Virus-Subject: bogus antivirus
.*AntiVir ALERT.* Virus-Subject: bogus antivirus
.*InoculateIT detected the .* virus in Mailbox.* Virus-Subject: bogus antivirus
.*Antigen Notification:Antigen found FILE FILTER.* Virus-Subject: bogus antivirus
.*\[Magic OnLine\] Suppression du Virus:.* Virus-Subject: bogus antivirus
.*Anexos Removidos.* Virus-Subject: bogus antivirus
.*To Sender file blocking settings matched and action taken.* Virus-Subject: bogus
antivirus
.*File Type Attachment Discarded.* Virus-Subject: bogus antivirus
.*Returned due to virus; was:.* Virus-Subject: bogus antivirus
.*Antigen found FILE FILTER=.* Virus-Subject: bogus antivirus
.*Wykryto wirusa w Twoim mailu!:.* Virus-Subject: bogus antivirus
.*Failed mail: message contains virus infected file.* Virus-Subject: bogus antivirus
.*Warning: antivirus system repor.* Virus-Subject: bogus antivirus
.*ATENCION. Usted ha enviado un mail posiblemente infectado.* Virus-Subject: bogus
antivirus
.*MDaemon Warning - Virus Found.* Virus-Subject: bogus antivirus
.*MDaemon Notification -- Attachment Removed.* Virus-Subject: bogus antivirus
.*Disallowed attachment type.* Virus-Subject: bogus antivirus
.*Uwaga: Wykryto wirusa w poczcie.* Virus-Subject: bogus antivirus
.*Uwaga wirus w wiadomosci od.* Virus-Subject: bogus antivirus
.*Uwaga: prawdopodobny wirus lub robak.* Virus-Subject: bogus antivirus
.*Mail rejected: A Virus was detected in the message.* Virus-Subject: bogus antivirus
.*NAV a d.*tect.* un virus dans un document dont vous .*tes l'auteur..* Virus-Subject:
bogus antivirus
.*Mail rejected: A Virus was detected in the message..* Virus-Subject: bogus antivirus
.*Returned due to virus:.* Virus-Subject: bogus antivirus
.*VIRUS in Ihrer Mail an .* - VIRUS in your mail to.* Virus-Subject: bogus antivirus
.*MailMonitor for Exchange has processed a suspicious mail.* Virus-Subject: bogus
antivirus
.*Virenchecker Information.* Virus-Subject: bogus antivirus
.*Returned due to Virus!!! Read the attachment for detail.* Virus-Subject: bogus
antivirus
.*Mahdollinen virushuomautus!.* Virus-Subject: bogus antivirus
.*The .* antivirus system found VIRUS=.* Virus-Subject: bogus antivirus
.*E-mail not delivered -- content violation.* Virus-Subject: bogus antivirus
.*Virus found! Spam.* Virus-Subject: bogus antivirus
.*- Message infect.* Infected E-mail - Sujet .* Subject :.* Virus-Subject: bogus
antivirus
.*You have sent a virus !.* Virus-Subject: bogus antivirus
.*ScanMail Message: To Sender, action taken by attachment blocking.* Virus-Subject:
bogus antivirus
.*Virus intercepted.* Virus-Subject: bogus antivirus
.*Wyniki skanowania systemu antywirusowego.* Virus-Subject: bogus antivirus
.*File blocked - ScanMail for Lotus Notes -->.* Virus-Subject: bogus antivirus
.*Virus found in message to you!.* Virus-Subject: bogus antivirus
.*VIRUS IN YOUR MAIL.* Virus-Subject: bogus antivirus
.*VIRUS VE VASI ZPRAVE pro.* Virus-Subject: bogus antivirus
.*Symantec AntiVirus detected a virus in a document you authored.* Virus-Subject:
bogus antivirus
.*EDP SONDRIO detected a virus in a message you sent. The infected attachment was
deleted..* Virus-Subject: bogus antivirus
.*To Sender file blocking settings matched and action was taken.* Virus-Subject:
bogus antivirus
.*TFS Virus Alert: Re:.* DISCARD Virus detection mail.* Virus-Subject: bogus antivirus
.*returned due to virus or too large or too many attachment.* Virus-Subject: bogus
antivirus
.*ATTENTION: A message you sent was found to contain a VIRUS and has been deleted.*
Virus-Subject: bogus antivirus
.*Suppression du Virus: Mail Delivery.* Virus-Subject: bogus antivirus
.*The Eastman Kodak Anti-virus software deleted the infected attachment.*
Virus-Subject: bogus antivirus
.*LA POSTA CHE INVII E' INFETTA DA VIRUS.* Virus-Subject: bogus antivirus
.*Atenci.*n : Virus de e-mail detectado.* Virus-Subject: bogus antivirus
.*BENACHRICHTIGUNG ZUR MAIL ZUSTELLUNG.* Virus-Subject: bogus antivirus
.*ALERT: Message from .* was purged; Detected worm:.* Virus-Subject: bogus antivirus
.*Virus gefunden in Nachricht.* Virus-Subject: bogus antivirus
.*Rejected Message from SONACA Policy.* Virus-Subject: bogus antivirus
.*Filtering - ESC Filtering System detected a violation in a document you authored.*
Virus-Subject: bogus antivirus
.*Your sent mail had a virus!.* Virus-Subject: bogus antivirus
.*Symantec Mail Security detected that you sent a message containing prohibited
content.* Virus-Subject: bogus antivirus
.*CONTAINS A VIRUS.* Virus-Subject: bogus antivirus
.*Attachments not Delivered by MailScan!.* Virus-Subject: bogus antivirus
.*Virus d.*tect.* dans le message.* Virus-Subject: bogus antivirus
.*Sophos.*wirusa. Virus detected.* Virus-Subject: bogus antivirus
.*Wirus w poczcie od Ciebie.* Virus-Subject: bogus antivirus
.*Az .*n .*ltal k.*ld.*tt lev.*lben v.*rus volt, mely ki lett t.*r.*lve..*
Virus-Subject: bogus antivirus
.*DDAntivirusSystem - Detected a virus in a message addressed to you.* Virus-Subject:
bogus antivirus
.*Virus num mail enviado por si.* Virus-Subject: bogus antivirus
.*WatchDog.* Virus or error detected.* Virus-Subject: bogus antivirus
.*virus trouve dans le message envoye.* Virus-Subject: bogus antivirus
.*Your message was filtered.* Virus-Subject: bogus antivirus
.*\*\*\* VIRUS ALERT \*\*\*.* Virus-Subject: bogus antivirus
.*Attachment removed.* Virus-Subject: bogus antivirus
.*WIRUS W TWOJEJE POCZCIE.* Virus-Subject: bogus antivirus
.*Virus Warning.* Virus-Subject: bogus antivirus
.*ScanMail Message: To Sender, virus found and action taken.* Virus-Subject: bogus
antivirus
.*Virus found in message from you.* Virus-Subject: bogus antivirus
.*Virus no seu email.* Virus-Subject: bogus antivirus
.*Illegal attachment type encontrado em mensagem enviada.* Virus-Subject: bogus
antivirus
.*Piece jointe supprimee.* Virus-Subject: bogus antivirus
.*ALERTE: pi.*ces jointes suspectes.* Virus-Subject: bogus antivirus
.*Seu.*your email tinha.*have virus.* Virus-Subject: bogus antivirus
.*Network Associates Webshield - e-mail Content Alert.* Virus-Subject: bogus antivirus
.*W Twojej wiadomosci znaleziono wirusa!.* Virus-Subject: bogus antivirus
.*Virus found in your message!.* Virus-Subject: bogus antivirus
.*To Sender virus found and action taken.* Virus-Subject: bogus antivirus
.*Virus Detected by Network Associates, Inc.* Virus-Subject: bogus antivirus
.*---- Virus Detected ----.* Virus-Subject: bogus antivirus
.*Virus detected.* Virus-Subject: bogus antivirus
.*Virus Alert.* Virus-Subject: bogus antivirus
.*InterScan NT Alert.* Virus-Subject: bogus antivirus
.*Virus found in the message.* Virus-Subject: bogus antivirus
.*Message quarantined.* Virus-Subject: bogus antivirus
.*VIRUS ALERT!.* Virus-Subject: bogus antivirus
.*Virus found in e-mail.* Virus-Subject: bogus antivirus
.*MDaemon Warning - Virus Found.* Virus-Subject: bogus antivirus
.*Warning: E-mail viruses detected.* Virus-Subject: bogus antivirus
.*ScanMail Message: To Sender virus found.* Virus-Subject: bogus antivirus
.*Norton Anti.*Virus detected.* Virus-Subject: bogus antivirus
.*VIRUS .*IN YOUR MAIL.* Virus-Subject: bogus antivirus
.*Antigen found VIRUS.* Virus-Subject: bogus antivirus
.*Filter incident.* Virus-Subject: bogus antivirus
.*V.*rus figyelmeztet.*s! Virus warning!.* Virus-Subject: bogus antivirus
.*Symantec AVF detected.* Virus-Subject: bogus antivirus
.*Returned due to virus;.* Virus-Subject: bogus antivirus
.*Anti-Virus Notification.* Virus-Subject: bogus antivirus
.*BANNED FILENAME .*IN MAIL FROM YOU.* Virus-Subject: bogus antivirus
.*File blocked - ScanMail for Lotus.* Virus-Subject: bogus antivirus
.*NAV detected a virus.* Virus-Subject: bogus antivirus
.*RAV AntiVirus scan.* Virus-Subject: bogus antivirus
.*VIRUS .+ IN MAIL FROM YOU.* Virus-Subject: bogus antivirus
.*Virus Notification:.* Virus-Subject: bogus antivirus
.*Virus found in a message you sent.* Virus-Subject: bogus antivirus
.*Virus found in sent message.*Net Integrator Virus Alert Virus-Subject: bogus
antivirus
.*VIRUS EN SU CORREO.* Virus-Subject: bogus antivirus
.*Warning: antivirus system report.* Virus-Subject: bogus antivirus
.*MDaemon Notification -- Attachment Removed.* Virus-Subject: bogus antivirus
.*Information - Antivirus.* Virus-Subject: bogus antivirus
.*Symantec AntiVirus detected a violation.* Virus-Subject: bogus antivirus
.*WARNING: YOU WERE SENT A VIRUS.* Virus-Subject: bogus antivirus
.*SAV detected a violation in a document.* Virus-Subject: bogus antivirus
.*MailMarshal has detected a suspect attachment.* Virus-Subject: bogus antivirus
.*A virus was detected in your mail.* Virus-Subject: bogus antivirus
.*Recipient Virus-alert.* Virus-Subject: bogus antivirus
.*Virus Found in message.* Virus-Subject: bogus antivirus
.*E-.*mail viruses detected.* Virus-Subject: bogus antivirus
.*Undelivered mail: VIRUS FOUND.* Virus-Subject: bogus antivirus
.*Quarantined Mail: virus from.* Virus-Subject: bogus antivirus
.*Attenzione Virus.* Virus-Subject: bogus antivirus
.*To Sender virus found.* Virus-Subject: bogus antivirus
.*virus in verschickter Nachricht gefunden.* Virus-Subject: bogus antivirus
.*MailMarshal has detected a Virus in your message.* Virus-Subject: bogus antivirus
.*Virus encontrado en el mensaje enviado.* Virus-Subject: bogus antivirus
.*Security Alert - ScanMail for Lotus Notes.* Virus-Subject: bogus antivirus
.*Virus Infection Alert.* Virus-Subject: bogus antivirus
.*Warning - Virus Detected:.* Virus-Subject: bogus antivirus
.*Skynet Mail Protection scan results.* Virus-Subject: bogus antivirus
.*Virusveszely! Virus warning!.* Virus-Subject: bogus antivirus
.*Virus in mail from you.* Virus-Subject: bogus antivirus
.*Virus infection notice.* Virus-Subject: bogus antivirus
.*Possible virus found in message you sent.* Virus-Subject: bogus antivirus
.*AntiVir ALERT.* Virus-Subject: bogus antivirus
.*Centrale Anti-Virus melding.* Virus-Subject: bogus antivirus
.*Vexira ALERT.* Virus-Subject: bogus antivirus
.*You sent potentially unsafe content.* Virus-Subject: bogus antivirus
.*Hov, du har sendt Jubii en virus !!!.* Virus-Subject: bogus antivirus
.*message from .*virus detect system.* Virus-Subject: bogus antivirus
.*Net Integrator Virus Alert.* Virus-Subject: bogus antivirus
.*Information - Antivirus.* Virus-Subject: bogus antivirus
.*AntiVirus Alert!.* Virus-Subject: bogus antivirus
.*\{ALERTA DE VIRUS\}.* Virus-Subject: bogus antivirus
.*Virus in una mail per lei.* Virus-Subject: bogus antivirus
.*AntiVirus scan results.* Virus-Subject: bogus antivirus
.*ALERTE .*- Vous avez envoye un mail avec virus.* Virus-Subject: bogus antivirus
.*ALERTE.*: un virus a.* Virus-Subject: bogus antivirus
.*ALERT.*! Virus found in your mail.* Virus-Subject: bogus antivirus
.*Anti-Virus Notification.* Virus-Subject: bogus antivirus
.*Antigen Notification.* Virus-Subject: bogus antivirus
.*Antigen found VIRUS.* Virus-Subject: bogus antivirus
.*Antivirus stopped your message.* Virus-Subject: bogus antivirus
.*Email Quarantined Due to Virus.* Virus-Subject: bogus antivirus
.*Failed to clean virus file.* Virus-Subject: bogus antivirus
.*Inflex scan report.* Virus-Subject: bogus antivirus
.*InterScan NT Alert.* Virus-Subject: bogus antivirus
.*MMS Notification.* Virus-Subject: bogus antivirus
.*MailSure Virus Alert.* Virus-Subject: bogus antivirus
.*Ochrona antywirusowa.* Virus-Subject: bogus antivirus
.*! Virus Notify !.* Virus-Subject: bogus antivirus
.*SAV detected a violation in a.* Virus-Subject: bogus antivirus
.*VIRUS NO SEU EMAIL.* Virus-Subject: bogus antivirus
.*Virus Check Alert.* Virus-Subject: bogus antivirus
.*Virus Notification from Redstone.* Virus-Subject: bogus antivirus
.*Virus Quarantine Notification.* Virus-Subject: bogus antivirus
.*Virus in Ihrer Nachricht.* Virus-Subject: bogus antivirus
.*Votre message contient un virus.* Virus-Subject: bogus antivirus
.*Warning.*: E-mail viruses detected.* Virus-Subject: bogus antivirus
.*WorldSecure Server notification.* Virus-Subject: bogus antivirus
.*\[SmartFilter\] Virus Alert.* Virus-Subject: bogus antivirus
.*\[Virus detected\].* Virus-Subject: bogus antivirus
.*virus trouve dans le message envoye.* Virus-Subject: bogus antivirus
.*virus trovato in un messaggio inviato.* Virus-Subject: bogus antivirus
.*EMAIL-ABSENDER ACHTUNG! VIRUS in versendeter Email gefunden!.* Virus-Subject:
bogus antivirus
.*tipo de arquivo anexo proibido encontrado em mensagem enviada.* Virus-Subject:
bogus antivirus
.*In einer E-Mail wurde ein Virus gefunden.* Virus-Subject: bogus antivirus
.*A virus was detected in.* Virus-Subject: bogus antivirus
.*A mail you send contained a virus.* Virus-Subject: bogus antivirus
.*Violazione di contenuto.* Virus-Subject: bogus antivirus
.*WARNING. You tried to send a potential virus or unauthorised code.* Virus-Subject:
bogus antivirus
.*Violacao de Conteudo.* Virus-Subject: bogus antivirus
.*Mail with blocked attachmenttype found in Mail with subject.* Virus-Subject: bogus
antivirus
.*Virus found in a message you sent.* Virus-Subject: bogus antivirus
.*! PELIGRO ! - Virus encontrado en el correo.* Virus-Subject: bogus antivirus
.*! WARNING ! - Virus.* Virus-Subject: bogus antivirus
.*ravmd.* Virus-X-Mailer: bogus antivirus
.*was_infected.* Virus-X-ELTE-VirusStatus: bogus antivirus
.*Sophos antivirus plugin.* Virus-X-Auto-Generated: bogus antivirus
.*NetMail AntiVirus Agent.* Virus-X-Sender: bogus antivirus
.*Symantec Antivirus Scan - Virus found.* Virus-X-Scanned: bogus antivirus
.*Found to be infected.* Virus-X-MailScanner: bogus antivirus
.*Repaired.* Virus-X-Virus-Scan-Result: bogus antivirus
message/partial.* Virus-Content-Type: Message/partial MIME
attachments blocked by policy
#The following matches Date: headers that are over 100 chars in length
#these are impossible in the wild
.{100,} Virus-Date: MIME Header Buffer Overflow
.{100,} Virus-Mime-Version: MIME Header Buffer Overflow
.{100,} Virus-Resent-Date: MIME Header Buffer Overflow
#
#Let's stop that nasty BadTrans virus from uploading your keystrokes...
[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL
PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]
Virus-To: BadTrans Trojan exploit!
#
# These are examples of prudent defaults to set for most sites.
# Commented out by default
# List improved by Anton Alin-Adrian
# dangerous:
.vbs 0 VBS file
.lnk 0 LNK file
.scr 0 SCR file
.wsh 0 WSH file
.hta 0 HTA file
.pif 0 PIF file
.exe 0 EXE file
.bat 0 BAT file
.com 0 COM file
.js 0 JS file
.chm 0 CHM file
.hlp 0 HLP file
.reg 0 REG file
.shs 0 SHS file
.vbe 0 VBE file
.wsf 0 WSF file
#forbidden fruit
.mp3 0 MP3 file
.mpg 0 MPG file
.mpeg 0 MPEG file
.avi 0 AVI file
.rm 0 RM file
.wav 0 WAV file
.ogg 0 OGG file
.wma 0 WMA file
.asf 0 ASF file
.asx 0 ASX file
.mov 0 MOV QuickTime file
.qt 0 QuickTime file
# ******
# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
# this file is modified
# ******
#
# EOF
