Filtering by subject line is similar to using a screen door to block a flood. If you can't put in a real virus scan at the mail server level, Building a list of executable file name extensions might be an alternative. The subject lines list is much too dynamic. Here is a list of potential "dangerous cargo" to consider, I found on http://www.slipstick.com/outlook/esecup.htm: File extension File type .ade Microsoft Access project extension .adp Microsoft Access project .asx Windows Media Audio or Video shortcut (blocked only in Outlook 2002 builds earlier than 10.0.3005.x) .bas Visual Basic class module .bat Batch file .chm Compiled HTML Help file .cmd Windows NT Command script .com MS-DOS program .cpl Control Panel extension .crt Security certificate .exe Program .hlp Help file .hta HTML program .inf Setup Information .ins Internet Naming Service .isp Internet Communication settings .js JScript Script file .jse Jscript Encoded Script file .lnk Shortcut .mda Microsoft Access add-in program (blocked only in Outlook 2002) .mdb Microsoft Access program .mdt Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1 and later) .mdw Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1 and later) .mde Microsoft Access MDE database .mdz Microsoft Access wizard program .msc Microsoft Common Console document .msi Windows Installer package .msp Windows Installer patch .mst Visual Test source files .ops Office XP settings (blocked only in Outlook 2002 SP-1 and later) .pcd Photo CD image .pif Shortcut to MS-DOS program .prf Microsoft Outlook profile settings (blocked only in Outlook 2002) .reg Registration entries .scf Windows Explorer command (blocked only in Outlook 2002) .scr Screen saver .sct Windows Script Component .shb Shell Scrap Object .shs Shell Scrap Object .url Internet shortcut .vb VBScript file .vbe VBScript encoded script file .vbs Visual Basic Script file .wsc Windows Script Component .wsf Windows Script file .wsh Windows Script Host Settings file -----Original Message----- From: owner-crime@/var/spool/majordomo/lists/crime [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of Steve Nichols Sent: Wednesday, May 22, 2002 3:38 AM To: Owner-Crime Subject: CRIME Virus list Anyone know of a list of all virus subject line? I'm trying to write a sendmail Check_Subject rule to filter the incomming email's. I can do something like this (it's rough but you should get the idea) F{Virus} /var/log/virus HSubject: $>Check_Subject D{MPat} R<$={Virus}> D{MMsg}This message may contain a Virus. It has been rejected by our Server. SCheck_Subject R${MPat} $* $#error $: 550 ${MMsg} RRe: ${MPat} $* $#error $: 550 ${MMsg} But I need a list of all subjects associated with viri. Steven Nichols Network and Systems Administrator Internet and NOC Manager VALLEY INTERNET COMPANY 1709 NE 27th Street, Suite C McMinnville, Oregon 97128 503-565-5030 or 800-909-9078 (toll-free) "Pay no attention to the folks behind the curtain..." PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:25 PDT