Full Disclosure mailing list archives
AW: Filtering sobig with postfix
From: vogt () hansenet com
Date: Wed, 20 Aug 2003 15:37:06 +0200
/see attached file for details/ REJECT

ever since, I've not had a single one coming through.

The reason this one works for the worm writers is because it's standard English usage - as a result, it's *very* prone to false positives. And you give no indication of *why* the file was rejected, so the sender has no idea that if he re-sends but says "Hey check out the file for the long version" instead it will get through.
It ain't perfect, but it works. I'll probably remove it once this storm has blown over. I wanted to share it because it is easy to implement and works like a charm.

The improved version:

/see attached file for details/ 554 Refusing to accept your virus e-mail

should solve the problem that the sender has no idea why his mail was rejected.

Tom Vogt
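To make the false-positive concern and the effect of the reject text in this thread concrete, here is an added example (not part of the original post) that emulates a small subset of Postfix regexp-table matching in Python and runs both quoted rules over constructed message bodies. The parser, the function names and the sample messages are assumptions; only `/pattern/ ACTION text` lines without flags are handled.

```python
import re

# The two body_checks rules quoted in the thread, as regexp-table lines.
RULE_ORIGINAL = "/see attached file for details/ REJECT"
RULE_IMPROVED = "/see attached file for details/ 554 Refusing to accept your virus e-mail"

# Constructed message bodies: (label, body, wanted_by_recipient)
SAMPLES = [
    ("worm-style", "Please see attached file for details", False),
    ("status report", "Hi Anna,\nQ3 numbers are final, see attached file for details.\nBob", True),
    ("reworded resend", "Hey check out the file for the long version", True),
]

def parse_table(text):
    """Parse '/pattern/ ACTION [text]' lines (no flags); skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(\S+)\s*(.*)$", line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        pattern, action, text_part = m.groups()
        # Postfix regexp tables match case-insensitively by default.
        rules.append((re.compile(pattern, re.IGNORECASE), action, text_part))
    return rules

def check_body(rules, body):
    """Return (action, text, matched_line) for the first matching body line, else None."""
    for line in body.splitlines():
        for rx, action, text_part in rules:
            if rx.search(line):
                return action, text_part, line
    return None

def false_positives(rules, samples):
    """Labels of wanted messages that the rules would still act on."""
    return [label for label, body, wanted in samples if wanted and check_body(rules, body)]

if __name__ == "__main__":
    for name, table in (("original", RULE_ORIGINAL), ("improved", RULE_IMPROVED)):
        rules = parse_table(table)
        for label, body, _ in SAMPLES:
            print(name, label, check_body(rules, body))
        print(name, "false positives:", false_positives(rules, SAMPLES))
```

Both rules act on the same messages, including the wanted status report; the only difference is the text carried back to the sender. On a real system the same question can be asked of the live table with `postmap -q`.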