lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: Re: Filtering sobig with postfix


> -----Original Message-----
> From: Craig Pratt [mailto:craig@...ong-box.net] 
> Sent: Thursday, 21 August 2003 5:52 p.m.
> To: Bojan.Zdrnja@....hr
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Re: Filtering sobig with postfix
> 
> You'd better check for a lot more than just .pif files. .scr and .exe 
> files are critical as well.

Of course, the list is much longer, but original question was about stopping
Sobig-F, which sends itself only as a .pif file.

> If you want to really filter stuff, look at something like MailScanner 
> (http://www.mailscanner.info) which has file-type/mime-type 
> checking as 
> just the first line of defense. The power and configurability of this 
> system is amazing. It works with postfix and sendmail, and lots of 
> virus scanners - if you choose to integrate one.

For combination with postfix, I'd suggest amavisd-new. It has very good
performance, includes spamassassin for spam filtering and works really nice.

Regards,

Bojan Zdrnja

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ