Full Disclosure mailing list archives
Re: Filtering sobig with postfix
From: martin f krafft <madduck () madduck net>
Date: Wed, 20 Aug 2003 12:42:51 +0200
also sprach vogt () hansenet com <vogt () hansenet com> [2003.08.20.1017 +0200]:
in main.cf, enable "body_checks = (filename)". In that (filename) file, write a regular expression matching sobig, e.g. something like /see attached file for details/ REJECT
this incurs a factor 2-4 performance drop, and it could also elicit false positives. you should definitely do more than just REJECT (i.e. write out a message: s/REJECT/554 Suspected virus/). also, this is more the job of a content filter than of an MTA. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! no micro$oft components were used in the creation or posting of this email. therefore, it is 100% virus free and does not use html by default (yuck!).
Attachment:
_bin
Description:
Current thread:
- Filtering sobig with postfix vogt (Aug 20)
- Re: Filtering sobig with postfix martin f krafft (Aug 20)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 20)
- Re: Filtering sobig with postfix Valdis . Kletnieks (Aug 20)
- <Possible follow-ups>
- RE: Re: Filtering sobig with postfix Joshua Thomas (Aug 20)
- Re: Re: Filtering sobig with postfix securdz (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- RE: Re: Filtering sobig with postfix Joshua Thomas (Aug 21)
- RE: Re: Filtering sobig with postfix Paul Szabo (Aug 21)
- Re: Filtering sobig with postfix martin f krafft (Aug 20)