[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Asrg] Zombie spam
"Alan DeKok" <aland at ox.org> wrote:
>Tony Finch <dot at dotat.at> wrote:
>>
>> I have had some success with running an anti-virus scanner over all the
>> email passing through my relays.
>
> Heck, check for:
>
>/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\ *"?.*\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wmf)"?\ *$/ REJECT attachment type not allowed
We do something like that as well, but there have been viruses
recently which occupy zip files (which we can't block because of past
recommendations to our users which painted us into a corner) and at
least one which uses an exploit that requires no attachment at all.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FORTIES CROMARTY FORTH TYNE WEST DOGGER: SOUTHERLY BACKING SOUTHEASTERLY 4 OR
5, OCCASIONALLY 6 LATER IN TYNE. RAIN OR SHOWERS. GOOD OCCASIONALLY MODERATE.
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg