[GTER] Re: [AMaViS-user] HINT : Postfix body_checks virus protection (fwd)

Julio Cesar Covolato julio at psi.com.br
Wed Jan 28 02:18:50 -02 2004

	Outra dica do colega da lista amavis-user.

    _    Julio Cesar Covolato
   0v0   <julio at psi.com.br>
  /(_)\  F: 55-11-3129-3366

> 	To save resources from amavisd+virus scanner, append to postfix
> body_checks:
> /^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/
>    REJECT VIRUS (sobig.f)
>    REJECT VIRUS (W32/Swen at MM)
> /AAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g/
>    REJECT VIRUS (W32/Bagle at MM)
> /^(UEsDBAoAAAAAA|ApIAUCZKAEAD\/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf)/
>    REJECT VIRUS (W32/Mydoom at MM)

Another hint:
If you have postfix 2.0x you should use DISCARD instead of REJECT so
you don't cause some other MTA to bounce to the forged sender.

This feature alone is worth the minimal trouble to upgrade.

Mydoom/Novad/SCO worm delivers both direct-to-mx and through the victim's
mail host, so the worm may arrive at your server via a real
non-infected mail server.  A reject to them will cause them to bounce
to the forged sender.

So be a good netizen and DISCARD any positively identified viruses.

Noel Jones

The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
AMaViS-user mailing list
AMaViS-user at lists.sourceforge.net

More information about the gter mailing list