AW: Filtering sobig with postfix

[vogt () hansenet com]

> > /see attached file for details/     REJECT
> >
> > ever since, I've not had a single one coming through.
>
> The reason this one works for the worm writers is because 
> it's standard English
> usage - as a result, it's *very* prone to false positives.  
> And you give no indication
> of *why* the file was rejected, so the sender has no idea 
> that if he re-sends but
> says "Hey check out the file for the long version" instead it 
> will get through.

It ain't perfect, but it works. I'll probably remove it once
this storm has blown over. I wanted to share it because it is
easy to implement and works like charm.

The improved version:

/see attached file for details/ 554 Refusing to accept your virus e-mail

should solve the problem that the sender has no idea why his
mail was rejected.


Tom Vogt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html