On Tue, Sep 02, 2003 at 09:39:33PM -0700, Crispin Cowan wrote:
> Not without pissing off a whole lot of other people who would
> unsubscribe if we started putting ham-handed filters on the list. I
> thought of filtering for the obvious subject lines that Sobig sends, but
> the subject lines are too short and generic, so such a filter has a
> significant chance of trapping legitimate posts.

Put the following in /etc/procmailrc (you may have to adjust to your
environment, and you may not want to be so aggressive with the
extensions):

# Body match (B flag): octet-stream attachment whose name ends in a listed extension
:0 B:
* application/octet-stream.*$.*name="?[-a-zA-Z0-9_.]+\.(ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])"?
$MAILDIR/virus

Monitor the virus file for a while; when you convince yourself that
there are no false positives, change the last line to "/dev/null".

I use the above filter on the ianaat_private address -- it is getting
approximately 35000 virus emails per day. The above filter had zero
false positives before I put in the /dev/null.

Kent

-- 
Kent Crispin                               "Be good, and you will be
crispinat_private,kentat_private           lonesome."
p: +1 310 823 9358  f: +1 310 823 8649               -- Mark Twain