Axp-List Archive
Re: VBS virus to a Linux mail list? (was Re: Homepage)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Kurt Ludwig: "RE: Homepage"
• Previous message: Linus Gasser: "Re: Homepage"
• In reply to: Mark Arrasmith: "VBS virus to a Linux mail list? (was Re: Homepage)"
• Next in thread: Kurt Ludwig: "RE: Homepage"
• Reply: Mike Tibor: "Re: VBS virus to a Linux mail list? (was Re: Homepage)"

On Wed, 9 May 2001, Mark Arrasmith wrote:

> Of course this reminds me that I need to walk around the department and
> update virus.dat files. What a waste of time. :(

If you have procmail on your mailserver, you can do something like:

:0
* ^Content-type: (multipart/mixed|application/octet-stream)
{
        :0 HB:
        * ^Content-Disposition: attachment;
        * filename=".*\.(naked.*exe|hta|pif|scr|shs|vbs|vbe|wsf|wsh)"
        * !^TO.*postmaster
        * !^FROM_DAEMON
        /home/arrasmith/mail/suspicious
}

It shouldn't cause too much of an additional load on a busy server since
it only checks message bodies if there's a mime attachment present.

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
_______________________________________________
Axp-list mailing list
Axp-list@redhat.com
https://listman.redhat.com/mailman/listinfo/axp-list

• Next message: Kurt Ludwig: "RE: Homepage"
• Previous message: Linus Gasser: "Re: Homepage"
• In reply to: Mark Arrasmith: "VBS virus to a Linux mail list? (was Re: Homepage)"
• Next in thread: Kurt Ludwig: "RE: Homepage"
• Reply: Mike Tibor: "Re: VBS virus to a Linux mail list? (was Re: Homepage)"

This archive was generated by hypermail version 2a22 on Fri Jun 1 04:36:13 2001 PDT
Send any problems or questions about this archive to webmaster@alphalinux.org.