Date: Fri, 22 Aug 2003 23:42:45 +1000 (EST) From: Rowan Crowe <rowan@sensation.net.au> To: freebsd-isp@freebsd.org Subject: Re: Sendmail and GoBig Message-ID: <Pine.BSF.4.21.0308222339290.27198-100000@satin.sensation.net.au> In-Reply-To: <200308221336.h7MDatYu059699@energistic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 22 Aug 2003, Steve Ames wrote:
>
> Anyone got a quick sendmail ruleset to block the GoBig worm? A couple
> of machines I help admin got beat pretty hard yesterday...
Steve,
You're in luck. I was just testing this literally 2 minutes ago. Try this:
##
## Common Virus Subjects
##
HSubject: $>Check_Subject
D{VMsg}"Message blocked due to subject line - if this was sent by a human\, please change the subject and resend."
SCheck_Subject
RRe : Approved $#error $: 550 5.7.0 ${VMsg}
RRe : Details $#error $: 550 5.7.0 ${VMsg}
RRe : Re : My details $#error $: 550 5.7.0 ${VMsg}
RRe : Thank you ! $#error $: 550 5.7.0 ${VMsg}
RRe : That movie $#error $: 550 5.7.0 ${VMsg}
RRe : Wicked screensaver $#error $: 550 5.7.0 ${VMsg}
RRe : Your application $#error $: 550 5.7.0 ${VMsg}
RThank you ! $#error $: 550 5.7.0 ${VMsg}
RYour details $#error $: 550 5.7.0 ${VMsg}
Note that you will need to convert the large areas of space to tabs for
sendmail to recognise it.
Disclaimer - not 100% tested yet, but so far it's correctly accepted and
rejected the subject lines I've thrown at it, and it's already eaten up a
couple of real world sobig emails.
Cheers.
--
Rowan Crowe - Melbourne, Australia
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0308222339290.27198-100000>