Fwd: [unisog] procmail rule: sobig.f
Timothy VanFosson
timv at CCAD.UIOWA.EDU
Thu Aug 21 21:45:43 IST 2003
I just saw this on the UNISOG mailing list. Looks like changing to a
custom header IS a good idea.
tv
--------------- Text of forwarded message ---------------
>I just broke down and installed this sendmail ruleset. It's not
>perfect, in that I do know of legitimate mail from real MailScanner
>installations that will match it, but given I have only a handful of
>those examples and on the order of 80,000 Sobig.F messages (8
>*gigabytes* of infected mail traffic) handled by our existing procmail
>virus defuser in the past few days, we decided the tradeoff was worth
>it.
>
>HX-MailScanner: $>Check_Sobig
>SCheck_Sobig
>R Found to be clean $#error $@ 5.5.3 $: "Rejecting probable Sobig.F
>message"
>R $* $@OK
--
Timothy VanFosson, Manager E-mail: timv at ccad.uiowa.edu
Computing Services, Web Master WWW: http://www.ccad.uiowa.edu/~timv/
Center for Computer-Aided Design US Mail: The University of Iowa
Phone: (319) 335-6298 208 ERF
FAX: (319) 384-0542 Iowa City, Iowa 52242
What good is it for a man to gain the whole world, yet forfeit
his soul? Or what can a man give in exchange for his soul?
More information about the MailScanner
mailing list