[vox-tech] Virus deluge

Mark K. Kim vox-tech@lists.lugod.org
Tue, 27 Jan 2004 17:01:35 -0800 (PST)


Nice.  Put it into my procmail.  It's catching quite a few spams.  Some
are still coming through, so it seems like there are a couple variants,
but this certainly helps.  I guess I can catch the other ones with
something similar...

This is the worst MS spam worm so far, at least for my mailbox.

-Mark


On Tue, 27 Jan 2004, Rod Roark wrote:

> I just created and installed a Postfix remedy for the latest
> MS malware outbreak, and thought I'd pass it on.  I'm seeing
> a VERY high rate of connections from machines infected with
> this stuff.
>
> In main.cf, insert this:
>
> body_checks=pcre:/etc/postfix/virus_body_checks
>
> Create a file virus_body_checks containing this:
>
> /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Emails with Microsoft executable attachments are not allowed here.
> /^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.
>
> If anyone has an improved solution, let me know, but this
> seems to work.
>
> -- Rod

-- 
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.jsp?id=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E  5167 6822 94F0 F298 5DCE
PGP key available on the homepage
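
Added example, not part of either post: a Python emulation of the first virus_body_checks rule, showing that its literal is the base64 form of the first 17 bytes of a DOS/PE ("MZ") header, and that the same bytes inside a zip attachment get past it, which is why the quoted file carries a second rule. The sample header bytes, addresses, file names and helper names are constructed for illustration.

```python
import base64, io, re, zipfile
from email.message import EmailMessage

# First pattern from the quoted virus_body_checks. Postfix pcre tables match
# case-insensitively by default, so the emulation does too.
MZ_RULE = re.compile(r"^TVqQAAMAAAAEAAAA\/\/8AALg", re.IGNORECASE)
RULE_LITERAL = "TVqQAAMAAAAEAAAA//8AALg"

# Constructed sample: the usual first 20 bytes of a DOS/PE ("MZ") header plus
# zero padding. It is not a working executable.
SAMPLE_MZ = bytes.fromhex("4d5a90000300000004000000ffff0000b8000000") + bytes(44)

def rule_bytes():
    """Bytes fully determined by the rule's base64 literal (23 chars -> 17 bytes)."""
    return base64.b64decode(RULE_LITERAL + "A")[:17]

def zipped(data, name="sample.exe"):
    """Wrap data in a stored ZIP archive, the case the page's second rule targets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_message(payload, filename):
    """Build a constructed test message with one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "rcpt@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

def first_hit(msg):
    """Test each body line separately, as body_checks does; return the hit or None."""
    body = msg.as_string().split("\n\n", 1)[1]
    return next((l for l in body.splitlines() if MZ_RULE.search(l)), None)

if __name__ == "__main__":
    print(rule_bytes().hex())
    for name, data in [("a.exe", SAMPLE_MZ), ("a.zip", zipped(SAMPLE_MZ)),
                       ("a.txt", b"hello\n" * 20)]:
        print(name, "REJECT" if first_hit(build_message(data, name)) else "pass")
```

The rule only fires on the first base64 line of a bare executable attachment; any container or re-encoding changes that line, so each variant needs its own pattern or a content scanner behind the MTA.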