Block SOBER at MTA (postfix)
Dhawal Doshy
dhawal at NETMAGICSOLUTIONS.COM
Sun Dec 4 11:22:23 GMT 2005
[ The following text is in the "utf-8" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Hello All,
A simple body check in postfix will reject all sober.u mails. Create a file
/etc/postfix/virus_body_checks with this content:
/^UEsDBAoAAAAAAACQdjPMyus3XtgAAF7YAAAYAAAARmlsZS1wYWNrZWRfZGF0YUluZm8uZXhlTV
qQ/
REJECT VIRUS (W32/Sober.U at MM)
OR download it from here..
http://mx2.netmagicians.com/virus_body_checks
And add this to your /etc/postfix/main.cf
body_checks = regexp:/etc/postfix/virus_body_checks
The string UEsDBAoAAAAAAA.... is the first mime encoded line of the sober.u
variant. This works well for sober but no 100% strike rate (yet) for netsky.
Going forward (if the interest exists) i think we ought to maintain this for
all supported MTAs and all (possible) new virus outbreaks.
- dhawal
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list