On Sat, Jan 31, 2004 at 12:54:19AM +0100, Thomas Luft wrote:
Erik Moeller wrote:
Because of mydoom I strongly recommend using a procmail filter for killing attachments *before* they reach SpamAssassin. Before I did so SA literally killed my system because it hit internal file limits. The following rule works well:
:0 B
- ^ *Content-Disposition: attachment;
- filename=".*.(pif|exe|scr|zip|bat|cmd)"
virus
It kills zip files, too, but this shouldn't be a problem for the mailing list. In fact we might want to filter all mails that contain attachments - use URLs instead.
I suggest adding .com files, too so the rule would look like this:
:0 B
- ^ *Content-Disposition: attachment;
- filename=".*.(pif|exe|com|scr|zip|bat|cmd)"
virus
And another one, no failure for months
:0 B: * -9^0 * 100^0 ^Content-Type: application/x-msdownload; name=" * 100^0 ^Content-Type: audio/x-midi; name=" * 100^0 ^Content-Type: audio/x-wav; name=" * 100^0 ^Content-Type.*name=.*.(exe|com|bat|vbs|js|scr|pif|lnk|zip|doc) virus