[bf1942] OT Protection
g8 at the.whole.net
g8 at the.whole.net
Wed Feb 4 13:26:49 EST 2004
Sure, it doesn't catch some of the newer random names (I added a few
manually) but gets the majority of the obvious ones (it has some other
names in there too left over from sobig):
/^Content-(Disposition|Type):\s+.*?(file)?name="?.*?(your_details|application|document|screensaver|movie|body|data|doc|file|jedppfi|message|pax|qiqzw|readme|smbxaqt|test|text|xou)\.zip/ REJECT
-g8
On Wed, 4 Feb 2004, James Gurney wrote:
> g8 at the.whole.net wrote:
> > alternate MTAs such as Postfix, qmail, or exim. I personally use Postfix
> > (aka IBM Secure Mailer) and a one line regex blocked the virii before
> > they even got to the DATA stage (thus saving bandwidth at the server).
>
> Care to share that regex? I looked into this for my postfix servers, but
> the only header/body checks I could find would essentially block all zip
> files, which I thought was too extreme..
>
> James
>
More information about the Bf1942
mailing list