[vox-tech] the answer to all my virus problems

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Sun, 21 Sep 2003 11:32:09 -0700


hi dylan,

the short answer (as in "i want these virus messages to stop RIGHT
NOW!") would be to use the procmail filter i posted.

now, about a better solution.  the postfix way of doing it is all over
the net.  exim seems a bit tougher.  that said, i find it excruciatingly
hard to believe that a popular MTA like exim would have such a gaping
hole in functionality.

i found this:

   http://www.concretecow.com/denny/content/?article=2

but have not gotten it to work yet (there is a bit of a confusion what
the "name" of this computer is, for reasons that are longer than they
are interesting.  that could be messing things up).

hope that helps.  if you figure this out one way or the other, i'd
appreciate it if you could post your results!

pete


On Sun 21 Sep 03, 11:29 AM, dylan <dylan@iici.no-ip.org> said:
> have been lurking for the past few days paying close attention to this
> thread.... however, has anyone figured out how to reject these kind of
> messages at the door with EXIM ?
> 
> i am using a combination of exim and courier (Maildir delivery), and was
> wondering if it would be possible to drop these messages with my
> configuration.
> 
> also, is there any good way to strip HTML from email messages with exim?
> right now, i am running all messages through a hack of a filter written
> in AWK. it removes a lot of the HTML, however, i can't use something like:
> 
> awk '
> {gsub(/<\/?[^>]*>/,"\n")}
> {print}
> '
> ...because it mangles some important parts of the actual messages, such as
> the TO and FROM headers....
> 
> any ideas for an EXIM user who is tired of these stupid email viruses
> wasting my time.
> 
> 
> thanks in advance,
> 
> dylan
> 
> 
> 
> 
> on 03.9.20 4:44 PM, Rod Roark at rod@sunsetsystems.com was reported to have
> written:
> 
> > On Saturday 20 September 2003 04:24 pm, Rod Roark wrote:
> >> On Saturday 20 September 2003 02:56 pm, p@dirac.org wrote:
> >>> roland smith, whom i met while googling shared a *wonderful* procmail
> >>> recipe that catches windows viruses.
> >> [snip]
> >> 
> >> Cool.  I wonder if there's an easy way to get Postfix to
> >> notice these attachments at the front door, and drop the
> >> connection before all 150K or whatever have been received.
> > 
> > Bwahahahaha!  I found it!  From this Slashdot posting:
> > 
> > http://slashdot.org/comments.pl?sid=79337&cid=7013891
> > 
> > and your email, I deduced to create a file
> > /etc/postfix/rods_body_checks containing the following:
> > 
> > /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Emails containing Microsoft executables are prohibited from this server.
> > 
> > and to add this line to my Postfix configuration file
> > (main.cf):
> > 
> > body_checks=pcre:/etc/postfix/rods_body_checks
> > 
> > It seems to work.  :-)
> > 
> > -- Rod
> > http://www.sunsetsystems.com/
> > 
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> > 
> 
> 
> 
> 
> 
> -- 
> "The world is a dangerous place to live; not because of the people who are
> evil, but because of the people who don't do anything about it."
> -Albert Einstein
> 

-- 
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
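
The body_checks rule quoted above works because the fixed leading bytes of a Windows executable's DOS header always base64-encode to the same text at the start of an attachment line. An added example, not part of the original thread, that reproduces this in Python; the sample bytes, addresses and helper names are constructed for illustration.

```python
import base64
import re
import struct
from email.message import EmailMessage

# Pattern from the thread's rods_body_checks file. Postfix pcre tables are
# case-insensitive by default, hence re.IGNORECASE.
BODY_CHECK = re.compile(r"^TVqQAAMAAAAEAAAA\/\/8AALg", re.IGNORECASE)

def dos_header_prefix():
    """First 18 bytes of the DOS header emitted by common Windows toolchains (constructed sample)."""
    return struct.pack("<2s8H", b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8)

def build_message(body_text, attachment, filename):
    """Constructed test message with one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content(body_text)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

def first_match(raw_message):
    """Test one line at a time, as body_checks does; return (line_no, line) or None.
    Simplification: header lines are scanned too, which Postfix handles separately."""
    for number, line in enumerate(raw_message.splitlines(), 1):
        if BODY_CHECK.search(line):
            return number, line
    return None

if __name__ == "__main__":
    header = dos_header_prefix()
    print(base64.b64encode(header).decode())
    samples = {
        "exe-like attachment": build_message("see attachment", header + bytes(46), "sample.bin"),
        "text attachment": build_message("see attachment", b"just some notes\n" * 4, "notes.txt"),
        "pattern quoted mid-line": build_message(
            "the rule looks for TVqQAAMAAAAEAAAA//8AALg at line start", b"notes\n", "notes.txt"),
    }
    for name, raw in samples.items():
        print(f"{name}: {'REJECT' if first_match(raw) else 'pass'}")
```

The third sample passes because the pattern is anchored to the start of a line, so plain text that merely mentions the string is not rejected.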