Sobig.F resurgence

Dustin Baer dustin.baer at IHS.COM
Fri Sep 5 21:34:44 IST 2003


> ><snip>
> >LOCAL_RULESETS
> >
> ># Reject all mail with Sobig subjects.
> >HSubject:               $>Check_subject
> >D{Msobig1}That movie
> >D{Msobig2}Wicked screensaver
> >D{Msobig3}Your application
> >D{Msobig4}Approved
> >D{Msobig5}My details
> >D{Msobig6}Details
> >D{Msobig7}Thank you!
> >D{Msobig8}Returned mail: see transcript for details
> >D{Mmsg} Possible Sobig-F Virus - Please change subject
> >
> >SCheck_subject
> >R${Msobig1} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig1} $*      $#error $: 550 ${Mmsg}
> >R${Msobig2} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig2} $*      $#error $: 550 ${Mmsg}
> >R${Msobig3} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig3} $*      $#error $: 550 ${Mmsg}
> >R${Msobig4} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig4} $*      $#error $: 550 ${Mmsg}
> >R${Msobig5} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig5} $*      $#error $: 550 ${Mmsg}
> >R${Msobig6} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig6} $*      $#error $: 550 ${Mmsg}
> >R${Msobig7} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig7} $*      $#error $: 550 ${Mmsg}
> >R${Msobig8} $*          $#error $: 550 ${Mmsg}
> >RRE: ${Msobig8} $*      $#error $: 550 ${Mmsg}
> ></snip>
> >
> >This was suggested on the list several days back and has been working very
> >well.
> >May I remind you that the white gaps in text above are tabs and not simply
> >spaces.
> >Run your .mc through m4 and then restart MailScanner.



To anyone who is doing the above:

With all the complaints about how much email traffic is being generated
by virus scanners (thankfully NOT MailScanner) rejecting the SoBig virus
to the spoofed address, why on earth would you want to reject these
subjects?  You are creating just as much INCORRECT rejection traffic.

I have the same list with "$#discard $: discard" and I couldn't care
less if someone doesn't get a "Thank you!" or "Re: Thank you!" message
for a few weeks.

Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836



More information about the MailScanner mailing list