| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: robert at rootprompt.net (Robert Banniza) Subject: Re: Filtering sobig with postfix Sorry if this has already been posted as I haven't read the full thread. However, I'm blocking SoBig with the following entry in body_checks: /(filename|name)=.*\.((doc|zip|exe|xls|jpg|gif|png|pdf)\.exe|bat|asd|chm|com|dll|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shs|vb|vbe|vbs|vxd|wsf|wsh)/ reject Robert On Thu, Aug 21, 2003 at 07:05:49AM -0500, vogt@...senet.com wrote: > > Yep, as the OP is using postfix, he could use the > > header_checks directive, > > which can identify MIME headers, so he can easily stop this worm. > > Just check for Content-Disposition header and block > > everything with .pif in > > filename. > > Thought about that, but doesn't quite work. The headers only say > multipart/mime. The .pif part comes later in the attachment. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > ________________________________________________________________________ > This email has been scanned for all viruses by the MessageLabs Email > Security System. For more information on a proactive email security > service working around the clock, around the globe, visit > http://www.messagelabs.com > ________________________________________________________________________ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists