On Tue, 23 Sep 2003, Vaclav made the net somewhat safer by saying:
Recently I have introduced to postfix the mime_header_check with the rule to bounce messages including attachments with executable files based on a suggestion in this list. I have tested that and it seemed to work fine. Nevertheless since Sunday I am receiving (and other users of the server, too) many mails containing the w32.swen.A. It's strange, as this mail contains a file xxxx.exe attached. Is there a way to modify the postfix configuration to stop these (and maybe similar mails in the future) mails? Seems that this type of attachment bypasses somehow this filter. I have checked the message, and did not find a difference with other types of attachments.
Check Ralf Hildebrandt's site
<http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml>

I'm using simple header checks on the Subject and From myself, plus a
message_size_limit of 64kB, which seems effective enough.

/^Subject:.*Last Net Pack/ DISCARD Possible virus, don't need it anyway
/From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)/ DISCARD Possible virus, don't need it anyway
/From:.*(customer|security)\s+(assistance|service|bulletin)/ DISCARD Possible virus, don't need it anyway
/From:.*network\s+message/ DISCARD Possible virus, don't need it anyway

All pcre.

Theo
-- 
Theo v. Werkhoven    Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 27N , 4 29 45E.      SuSE 8.2 x86  Kernel k_Athlon 2.4.20-4GB
See headers for PGP/GPG info.
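
Added example (not part of the post above and not Postfix code): a small Python harness that approximates how Postfix applies the four pcre rules to each logical header line, so they can be tried on sample headers before deployment. The function names and all sample headers are constructed for illustration; Python's re module stands in for PCRE, using the pcre_table defaults (case-insensitive, dot matches newline).

```python
import re

# The four rules from the post, in header_checks (pcre) syntax.
RULES_TEXT = r"""
/^Subject:.*Last Net Pack/ DISCARD Possible virus, don't need it anyway
/From:.*(microsoft|ms)\s+(internet|corporation|program|technical|customer|email|network)/ DISCARD Possible virus, don't need it anyway
/From:.*(customer|security)\s+(assistance|service|bulletin)/ DISCARD Possible virus, don't need it anyway
/From:.*network\s+message/ DISCARD Possible virus, don't need it anyway
"""

def parse_rules(text):
    """Parse '/pattern/ ACTION text' lines into (regex, action, text) tuples."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        end = line.index("/ ", 1)  # closing delimiter; these rules carry no flags
        action, _, note = line[end + 2:].partition(" ")
        # Assumption: mirror the pcre_table defaults with re.I and re.S.
        rules.append((re.compile(line[1:end], re.I | re.S), action, note))
    return rules

def unfold(raw_headers):
    """Group folded continuation lines so each header is one logical line."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += "\n" + line
        else:
            logical.append(line)
    return logical

def check(raw_headers, rules):
    """Return (header, action) for each header hit; first matching rule wins."""
    hits = []
    for header in unfold(raw_headers):
        for regex, action, _ in rules:
            if regex.search(header):
                hits.append((header, action))
                break
    return hits

# Constructed sample headers (not taken from real messages).
SWEN_LIKE = 'From: "MS Technical Assistance" <a@example.invalid>\nSubject: Last Net Pack\n'
FOLDED = "From: Microsoft\n\tCorporation <b@example.invalid>\nSubject: hello\n"
BENIGN = "From: Alice <alice@example.org>\nSubject: Net pack list\n"
# The From: rules have no ^ anchor, so other headers ending in "From:" match too.
UNANCHORED = "X-Original-From: Network Message <c@example.invalid>\nSubject: hi\n"
```

Running check() on UNANCHORED shows a DISCARD triggered by a header other than From:, which is worth knowing before relying on these rules for legitimate forwarded or list mail.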