Full Disclosure mailing list archives
AW: Re: Filtering sobig with postfix
From: vogt () hansenet com
Date: Thu, 21 Aug 2003 14:05:49 +0200
Yep, as the OP is using postfix, he could use the header_checks directive, which can identify MIME headers, so he can easily stop this worm. Just check for Content-Disposition header and block everything with .pif in filename.
Thought about that, but doesn't quite work. The headers only say multipart/mime. The .pif part comes later in the attachment. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: Re: Filtering sobig with postfix vogt (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- Re: Re: Filtering sobig with postfix gregh (Aug 20)
- <Possible follow-ups>
- AW: Re: Filtering sobig with postfix vogt (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- AW: Re: Filtering sobig with postfix vogt (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- Re: Re: Filtering sobig with postfix Irwan Hadi (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- Re: Re: Filtering sobig with postfix Robert Banniza (Aug 23)
- Re: Re: Filtering sobig with postfix Andrew J Caines (Aug 23)