Date: Fri, 19 Sep 2003 17:48:09 -0400 From: "Michael W. Oliver" <michael@gargantuan.com> To: Kirk Strauser <kirk@strauser.com>, freebsd-stable@freebsd.org Subject: Re: Sieve script to filter today's MS annoyances Message-ID: <200309191748.14394.michael@gargantuan.com> In-Reply-To: <87fzitqwop.fsf@strauser.com> References: <87fzitqwop.fsf@strauser.com>
next in thread | previous in thread | raw e-mail | index | archive | help
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+--- On Thursday, September 18, 2003 23:33 ---
| Kirk Strauser proclaimed:
|
| I don't know what's going on, but I've been getting literally hundreds of
| virus/worm-looking emails per hour all day today. I grew tired of it and
| wrote the following Sieve script to filter my mail on the server.
|
| The pseudo-bounce messages were particularly annoying; they're close
| enough to the real bounce messages that I *want* to keep that they
| justified a little closer examination. I'll probably tighten the other
| message type to also examine the sender, but I doubt I'll be getting any
| legitimate mails that look like:
|
| Subject: latest security patch
|
| in the near future. Anyway, enjoy as you see fit.
|
I have found the following line in my Postfix body_checks.regexp to be very=
=20
satisfying:
/^TVqQAAMA/ REJECT Sorry, no executables allowed... zip it up.
Googling for that eight character string revealed it as the common=20
denominator for win32 execs.
=2D --=20
Mike
perl -e 'print unpack("u","88V]N=3D&%C=3D\"!I;F9O(&EN(&AE861E<G,*");'
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)
iD8DBQE/a3mesWv7q8X6o8kRAlV1AJ9g78cT1iR294hs/vwDW+NdOuR6SACeIrxU
Ax2GZhA5QWPa8vRiMz16qhk=3D
=3DEiP+
=2D----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200309191748.14394.michael>