[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]
Nemo -earth native-
nemo at nut.house.cx
Mon Jan 19 10:37:30 GMT 2004
On Mon, Jan 19, 2004 at 09:15:29PM +1100, Damien Elmes did utter:
> Well, that's a different story. I (incorrectly) assumed that Nemo was
> advocating a solution which generated a new mail back to the sender -
> this is what I find really annoying. Returning an error code during
> the SMTP transaction seems reasonable.
I probably should have followed my first instinct and simply pasted the
relevant code! :)
/^Content-(Disposition|Type):\s+.*?(file)?name="?.+?\.(bat|chm|cmd|com|hta|jse?|pif|scr|shb|vb[sex]|ws[fh]|exe|lnk|bin|ocx)\b/ REJECT 552 Your attachment may contain a virus. If you are intentially sending an attachment, please ZIP it first. Files rejected are .bat .chm .cmd .com .hta .jse? .pif .scr .shb .cb .ws[fh] .exe .lnk .bin .ocx
(I actually have three lines that all match the same types via different
means (config not written by me btw, regexp gives me a headache ;)
Note that killing the message during transaction is great - since it
saves bandwidth over my poor modem link ;)
.../Nemo
--
------------------------------------------ --------------------------
earth native
More information about the linux
mailing list