Full Disclosure mailing list archives

AW: Re: Filtering sobig with postfix


From: vogt () hansenet com
Date: Thu, 21 Aug 2003 14:05:49 +0200

Yep, as the OP is using postfix, he could use the header_checks directive,
which can identify MIME headers, so he can easily stop this worm.
Just check for Content-Disposition header and block everything with .pif in
filename.

Thought about that, but doesn't quite work. The headers only say
multipart/mime. The .pif part comes later in the attachment.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
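
The distinction raised in the reply above, shown on a constructed message (an added example, not part of the original post; the sample mail, addresses and regular expression are assumptions): a check that sees only the primary message headers finds no .pif name, while one that walks the headers of each MIME part does.

```python
import re
from email import message_from_string

# Constructed sample (not a captured worm mail): the attachment name appears
# only in the headers of the second MIME part, not in the primary headers.
SAMPLE = (
    "From: sender@example.com\n"
    "To: rcpt@example.com\n"
    "Subject: Re: Details\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XBOUND"\n'
    "\n"
    "--XBOUND\n"
    "Content-Type: text/plain\n"
    "\n"
    "See the attached file for details\n"
    "--XBOUND\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="details.pif"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "AAAA\n"
    "--XBOUND--\n"
)

# Assumed pattern: a name= or filename= parameter whose value ends in .pif
PIF = re.compile(r'name\s*=\s*"?[^"\r\n;]*\.pif"?', re.IGNORECASE)

def primary_header_hits(raw):
    """Headers before the first blank line only (the top-level message)."""
    msg = message_from_string(raw)
    return [f"{k}: {v}" for k, v in msg.items() if PIF.search(v)]

def mime_part_header_hits(raw):
    """Headers of every MIME part below the top-level message."""
    msg = message_from_string(raw)
    hits = []
    for part in msg.walk():
        if part is msg:  # skip the top-level headers, already covered above
            continue
        hits += [f"{k}: {v}" for k, v in part.items() if PIF.search(v)]
    return hits

if __name__ == "__main__":
    print("primary headers:", primary_header_hits(SAMPLE))
    print("MIME part headers:", mime_part_header_hits(SAMPLE))
```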

