[GTER] Re: [AMaViS-user] HINT : Postfix body_checks virus protection (fwd)
Julio Cesar Covolato
julio at psi.com.br
Wed Jan 28 02:18:50 -02 2004
Outra dica do colega da lista amavis-user.
-----------------------------
_ Julio Cesar Covolato
0v0 <julio at psi.com.br>
/(_)\ F: 55-11-3129-3366
^ ^ PSI INTERNET
-----------------------------
....
> To save resources from amavisd+virus scanner, append to postfix
> body_checks:
>
> /^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/
> REJECT VIRUS (sobig.f)
>
> /^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6sYBWPXV$/
> REJECT VIRUS (W32/Swen at MM)
>
> /AAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g/
> REJECT VIRUS (W32/Bagle at MM)
>
> /^(UEsDBAoAAAAAA|ApIAUCZKAEAD\/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf)/
> REJECT VIRUS (W32/Mydoom at MM)
>
Another hint:
If you have postfix 2.0x you should use DISCARD instead of REJECT so
you don't cause some other MTA to bounce to the forged sender.
This feature alone is worth the minimal trouble to upgrade.
Mydoom/Novad/SCO worm delivers both direct-to-mx and through the victim's
mail host, so the worm may arrive at your server via a real
non-infected mail server. A reject to them will cause them to bounce
to the forged sender.
So be a good netizen and DISCARD any positively identified viruses.
--
Noel Jones
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
AMaViS-user mailing list
AMaViS-user at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
More information about the gter
mailing list