Hi,
> I was just fiddling around and I entered a rule to catch some of the text in
> the MS Security Alert patch but it never seems to go over the threshold.
this is my ruleset.
rawbody SWEN_FNAMES
/(Patch516.exe|Q683158.exe|Q224439.exe)/
describeSWEN_FNAMES
Hi,
> I know I should be using an anti-virus, but it should still work, no?
>
> Well, here's my rule. It looks simple enough to me:
>
> body IAW_GENERAL19_RULE /latest version of security/i
> score IAW_GENERAL19_RULE 20.0
> describe IAW_GENERAL19_RULE This is the GENERAL 19 Rule
>
> I bump
> Here is my procmail rule:
>
> :0B
> * Content-Type: application|Content-Type: audio
> * name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com"
> /tmp/viruses
A similar vein for Postfix users:
In main.cf:
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
In mime_header_checks
ust block
name="*.scr" and name="*.exe"
you should probably be blocking these anyways.
Anyone who needs to send an exe can easily just zip it.
Here is my procmail rule:
:0B
* Content-Type: application|Content-Type: audio
* name=".*.pif"|name=".*.scr"|name=".*.exe"|name=".*.com"
/tmp/viruses
On Fri, Sep 19, 2003 at 02:29:21PM -0400, Frank DeChellis is rumored to have said:
>
> I was just fiddling around and I entered a rule to catch some of the text in
> the MS Security Alert patch but it never seems to go over the threshold.
>
> Has anybody come up with a solid rule for this email w
Hi
I was just fiddling around and I entered a rule to catch some of the text in
the MS Security Alert patch but it never seems to go over the threshold.
Has anybody come up with a solid rule for this email worm?
Is there a way in SPamAssissin to see exactly how an email is weighed?
Frank
-
