From owner-freebsd-bugs Tue Dec 4 15:30:10 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3ADB637B41A
	for ; Tue, 4 Dec 2001 15:30:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fB4NU0K66440;
	Tue, 4 Dec 2001 15:30:00 -0800 (PST)
	(envelope-from gnats)
Received: from kraeusen.nbrewer.com (kraeusen.nbrewer.com [208.42.68.65])
	by hub.freebsd.org (Postfix) with ESMTP id B3DC937B405
	for ; Tue, 4 Dec 2001 15:29:32 -0800 (PST)
Received: by kraeusen.nbrewer.com (Postfix, from userid 1001)
	id 91835B751; Tue, 4 Dec 2001 17:32:49 -0600 (CST)
Message-Id: <20011204233249.91835B751@kraeusen.nbrewer.com>
Date: Tue, 4 Dec 2001 17:32:49 -0600 (CST)
From: Christopher Farley
Reply-To: Christopher Farley
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: misc/32525: freebsd-questions should filter out known viruses
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 32525
>Category: misc
>Synopsis: freebsd-questions should filter out known viruses
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 04 15:30:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Christopher Farley
>Release: FreeBSD 4.4-STABLE i386
>Organization: Northern Brewer, Ltd.
>Environment: Not applicable
>Description:
Lately, freebsd-questions has been receiving (and resending) a large
number of email viruses, from the Sircam worm to the latest goner virus.
>How-To-Repeat:
Subscribe to freebsd-questions and count the email viruses!
>Fix:
Implement Postfix body_checks on the mail server hosting freebsd-questions
to filter out attachments containing problematic extensions. My server's
rules are pretty aggressive, but in several weeks of filtering all my mail
(including freebsd-questions), I have not rejected a valid email. A more
conservative ruleset could be adopted, but here's what I use:

# Filter out Sircam
/^Hi! How are you=3F$/ REJECT
/^Hola como estas =3F$/ REJECT

# Reject attachments containing problematic extensions
/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT

# Reject known viruses
/(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT

>Release-Note:
>Audit-Trail:
>Unformatted:
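
Added example, not part of the original report: a Python approximation of how a Postfix regexp: table would apply the rules above, one body line at a time, so the ruleset can be tried on sample lines before deployment. Assumptions: Python's re module stands in for Postfix's regex engine, matching is case-insensitive (the Postfix default for regexp tables), and the sample reply is constructed.

```python
import re

# The ruleset from the report, verbatim.
RULES_TEXT = r'''
# Filter out Sircam
/^Hi! How are you=3F$/ REJECT
/^Hola como estas =3F$/ REJECT
# Reject attachments containing problematic extensions
/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT
# Reject known viruses
/(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT
'''

def load_rules(text):
    """Parse '/pattern/ ACTION' lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"/(.*)/\s+(\S+)", line)
        # Assumption: emulate Postfix's default case-insensitive matching.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def check_line(rules, line):
    """Return the action of the first matching rule, or None."""
    for pattern, action in rules:
        if pattern.search(line):
            return action
    return None

def check_message(rules, body):
    """body_checks inspects each body line on its own; list the rejected lines."""
    return [(n, line) for n, line in enumerate(body.splitlines(), 1)
            if check_line(rules, line) == "REJECT"]

RULES = load_rules(RULES_TEXT)

# Constructed sample: a list reply that only quotes a MIME header as text.
# The attachment rules are not anchored to a header position, so the quoted
# line is rejected as well; this is the false-positive case to measure on a
# discussion list before adopting the ruleset.
SAMPLE_REPLY = '''On Tuesday someone wrote:
> Content-Disposition: attachment; filename="rc.firewall.JS"
That attachment never arrived here.
'''
```

On a server, the same lines can be checked against the live table with `postmap -q "<line>" regexp:/path/to/body_checks`; the table path here is a placeholder.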