Mailinglist Archive: opensuse-security (274 mails)

< Previous Next >
AW: [suse-security] IPTables and filtering Traffic based on content ( e.g. sobig )
  • From: "Ulrich Roth" <Roth@xxxxxxxxx>
  • Date: Mon, 25 Aug 2003 09:22:10 +0200
  • Message-id: <047D33E9F294624A972F6A6325C993C204A696@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi Bruno,

> does anybody know a short solution how to check if a special
> squence is
> inside a packet ( like the string of sobig ) ?
I guess you want to block Sobig.F before it hits your MTA.
There exist mail filters for sendmail, exim and postfix.
Have a look at this:
http://www.heise.de/newsticker/data/dab-20.08.03-004/
If you have postfix, you shouldn't use the solution suggested
on this page, but use the original solution. There is a link on
the page, but for your convenience I give you the URL in this
mail:
http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml
This one works great for us.
Bye
Uli
--
Ulrich Roth
IMPACT Business & Technology Consulting GmbH
Im Mediapark 8 / K├ÂlnTurm
D-50670 Koeln
Phone +49-221-93 70 80-29
Fax +49-221-93 70 80-15
E-Mail: roth at impact dot de

< Previous Next >
Follow Ups