Hi,
On Fri, 17 Oct 2003, Matt Kettler wrote:
[...]
>
> The partiuclar message you were testing against is a common virus email..
> SA isn't designed to catch viruses, and has no rules to catch this one.. if
> you really want to catch them, search in the archives of this list for SWEN
> and you should find some people posting rules to catch the swen worm..
>
> However, you'd probably be better off implementing a virus scanner to catch
> most of these things.
Or, if you have control of the your mailserver, rejecting Win32
executables at the MTA level.
I'm not sure where I got the following from (I didn't write it) but the
file below helps Postfix keep viruses off my system. It's probably similar
to the MICROSOFT_EXECUTABLE eval test in SA.
Probably the easiest and safest thing for Hendrik to do is to set
score MICROSOFT_EXECUTABLE 4.9
Anyone who has a legitimate reason for mailing you a Win32 executable
should also know enough to put it in a zip archive first. It's
inconvenient but the cost of zipping it first is minor compared to the
cost of not filtering Win32 binaries.
hth,
-- Bob
#
/^Content-(?:Disposition:\s+attachment;|Type:).*\b(?:file)?name\s*=.*\.(?:
ad[ep] |
asd |
ba[st] |
chm |
cmd |
com(?=$|") |
cpl |
crt |
dll |
eml |
exe |
hlp |
hta |
in[fs] |
isp |
jse? |
lnk |
md[betw] |
ms[cipt] |
nws |
ocx |
ops |
pcd |
p[ir]f |
reg |
sc[frt] |
sh[bsm] |
swf |
url |
vb[esx]? |
vxd |
ws[cfh] |
\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}
)\b/x REJECT Windows executables not allowed
#__END__
-------------------------------------------------------
This SF.net email sponsored by: Enterprise Linux Forum Conference & Expo
The Event For Linux Datacenter Solutions & Strategies in The Enterprise
Linux in the Boardroom; in the Front Office; & in the Server Room
http://www.enterpriselinuxforum.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
