Date: Tue, 4 Dec 2001 17:32:49 -0600 (CST) From: Christopher Farley <chris@nbrewer.com> To: FreeBSD-gnats-submit@freebsd.org Subject: misc/32525: freebsd-questions should filter out known viruses Message-ID: <20011204233249.91835B751@kraeusen.nbrewer.com>
next in thread | raw e-mail | index | archive | help
>Number: 32525 >Category: misc >Synopsis: freebsd-questions should filter out known viruses >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Dec 04 15:30:00 PST 2001 >Closed-Date: >Last-Modified: >Originator: Christopher Farley >Release: FreeBSD 4.4-STABLE i386 >Organization: Northern Brewer, Ltd. >Environment: Not applicable >Description: Lately, freebsd-questions has been receiving (and resending) a large number of email viruses, from the Sircam worm to the latest goner virus. >How-To-Repeat: Subscribe to freebsd-quesitons and count the email viruses! >Fix: Implement Postfix body_checks on the mail server hosting freebsd-questions to filter out attachments containing problematic extensions. My server's rules are pretty aggressive, but in several weeks of filtering all my mail (including freebsd-questions), I have not rejected a valid email. A more conservative ruleset could be adopted, but here's what I use: # Filter out Sircam /^Hi! How are you=3F$/ REJECT /^Hola como estas =3F$/ REJECT # Reject attachments containing problematic extensions /(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT /(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT # Reject known viruses /(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011204233249.91835B751>