Re: MS BS
On Mon, Sep 22, 2003 at 11:56:04AM -0700, Ted Roby wrote:
> The single part MIME filter doesn't seem to catch it though. What are
> others on this list using or doing to blatantly block this stuff? There
> is no valid .exe I could receive, ever.
I use postfix and this in my body_checks map (really long line coming
up):
/^b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv/i REJECT Appears to be infected with Swen (http://www.f-secure.com/v-descs/swen.shtml)
This matches in the base64 of the exe file for this worm. Don't know if
exim has the ability to make decisions based on body contents or not...
Only thing that's made it through so far is a couple of copies where the
infected exe had been stripped on the way through, leaving the message
annoying but without bite.
Note that postfix users will probably need to up the depth into the body
postfix will search for this to work properly.
Bob
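
An added example, not part of the original post: Python code that derives a line-anchored base64 rule of the kind shown above from an attachment, and computes how far into the body segment the matching line sits relative to Postfix's body_checks_size_limit default of 51200 bytes. The sample attachment, the marker and all function names are constructed for illustration; 76-character base64 lines with CRLF endings, and a depth counted from the first base64 line of the attachment, are assumptions.

```python
import base64

B64_LINE = 76          # base64 characters per MIME body line (assumed encoder width)
RAW_PER_LINE = 57      # raw bytes carried by one full 76-character line
DEFAULT_LIMIT = 51200  # Postfix default for body_checks_size_limit, in bytes


def mime_lines(data: bytes) -> list[str]:
    """Split the base64 form of an attachment into body lines."""
    enc = base64.b64encode(data).decode("ascii")
    return [enc[i:i + B64_LINE] for i in range(0, len(enc), B64_LINE)]


def locate(data: bytes, marker: bytes) -> tuple[int, str]:
    """Return (line index, base64 line) for the line where marker starts."""
    off = data.find(marker)
    if off < 0:
        raise ValueError("marker not present in attachment")
    idx = off // RAW_PER_LINE  # lines always start on a 57-byte boundary
    return idx, mime_lines(data)[idx]


def required_limit(idx: int, eol: int = 2) -> int:
    """Bytes of the body segment that must be scanned to reach line idx."""
    return (idx + 1) * (B64_LINE + eol)


def rule(line: str, reason: str) -> str:
    """Format a regexp-table entry; '+' and '/' are escaped for the pattern."""
    pat = line.replace("+", r"\+").replace("/", r"\/")
    # The trailing i toggles off Postfix's default case-insensitive matching.
    return f"/^{pat}/i REJECT {reason}"


# Constructed sample: filler bytes with a made-up marker 45000 bytes in.
MARKER = b"CONSTRUCTED-MARKER"
SAMPLE = b"\x00" * 45000 + MARKER + b"\x00" * 1000

if __name__ == "__main__":
    idx, line = locate(SAMPLE, MARKER)
    need = required_limit(idx)
    print(rule(line, "constructed sample signature"))
    print(f"signature is body line {idx}; scan depth needed: {need} bytes")
    if need > DEFAULT_LIMIT:
        print(f"raise body_checks_size_limit above {need} (default {DEFAULT_LIMIT})")
```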