On Sat, Jan 31, 2004 at 12:54:19AM +0100, Thomas Luft wrote:
Erik Moeller wrote:
Because of mydoom I strongly recommend using a
procmail filter for
killing attachments *before* they reach SpamAssassin. Before I did so
SA literally killed my system because it hit internal file limits. The
following rule works well:
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
virus
It kills zip files, too, but this shouldn't be a problem for the
mailing list. In fact we might want to filter all mails that contain
attachments - use URLs instead.
I suggest adding .com files, too so the rule would look like this:
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|com|scr|zip|bat|cmd)"
virus
And another one, no failure for months
:0 B:
* -9^0
* 100^0 ^Content-Type: application/x-msdownload; name=\"
* 100^0 ^Content-Type: audio/x-midi; name=\"
* 100^0 ^Content-Type: audio/x-wav; name=\"
* 100^0 ^Content-Type.*name=.*.(exe|com|bat|vbs|js|scr|pif|lnk|zip|doc)
virus
--
http://www.tomk32.de - just a geek trying to change the world
-.-
http://de.wikipedia.org/wiki/Benutzer:TomK32
/|>
http://tomk32.bookcrossing.com
/ \
http://tinyurl.com/u6de