
AW: [Full-Disclosure] Filtering sobig with postfix



> > /see attached file for details/	REJECT
> > 
> > ever since, I've not had a single one coming through.
> 
> The reason this one works for the worm writers is because it's standard English
> usage - as a result, it's *very* prone to false positives. And you give no indication
> of *why* the file was rejected, so the sender has no idea that if he re-sends but
> says "Hey check out the file for the long version" instead it will get through.

It ain't perfect, but it works. I'll probably remove it once
this storm has blown over. I wanted to share it because it is
easy to implement and works like a charm.

The improved version:

/see attached file for details/	554 Refusing to accept your virus e-mail

should solve the problem that the sender has no idea why his
mail was rejected.


Tom Vogt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
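
An added example, not part of the original message or of Postfix: a small Python emulation of how a regexp body_checks rule is applied (one body line at a time, case-insensitive by default), for checking a rule against sample mail before deploying it. The rule line is the one from the message; the function names and the sample messages are constructed for illustration.

```python
import re

# Rule line copied from the message above; all sample mail below is constructed.
RULES = "/see attached file for details/\t554 Refusing to accept your virus e-mail\n"

def parse_rules(text):
    """Parse '/pattern/ action' lines as laid out in a Postfix regexp table."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.*)/\s+(.*\S)\s*$", line)
        if m:
            # Postfix regexp tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def check_body(rules, body):
    """Return the action of the first rule that matches any single body line."""
    for line in body.splitlines():  # body_checks sees one line at a time
        for pattern, action in rules:
            if pattern.search(line):
                return action
    return None  # nothing matched: the rule set lets the mail through

SAMPLES = {  # constructed test messages
    "exact_phrase": "See attached file for details\n",
    "legit_report": "Hi Anna,\nQ3 numbers are final, see attached file for details.\n",
    "rephrased": "Hey check out the file for the long version\n",
    "wrapped": "The summary is short, please see attached\nfile for details.\n",
}

def evaluate(rules_text=RULES, samples=SAMPLES):
    """Run every sample through the rule set and map sample name to action."""
    rules = parse_rules(rules_text)
    return {name: check_body(rules, body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, action in evaluate().items():
        print(f"{name:13} -> {action or 'accepted'}")
```

The `legit_report` and `wrapped` samples are the ones to look at: ordinary mail that uses the phrase is refused, and the same phrase wrapped across two lines is not matched at all.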