mharc-users

Re: Ideas for filtering Netsky virus...

2004-02-26 12:09:36
On February 26, 2004 at 10:25, "Sean M. Alderman" wrote:

  Every time a new virus comes along that we get hit with, I usually
hand modify bin/mk-procmail to add a filter to keep virus attachments
from getting into the archives I've got.  I just took a look at the
Netsky virus info
(http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.c@mm.html)
and it seems to be quite massive with the number of possible subjects,
bodies, attachments and so forth.  So, I was wondering if anyone here
has thought of a good way to filter the virus.
...

I would probably recommend a pre-processing procmail/anti-spam
filtering before mharc ever sees it.  This way, regardless of how
mharc changes, your virus/spam filtering is unaffected.  Therefore,
the incoming mail spool that mharc processes will only contain messages
that have passed your virus/spam filtering.

I'm not familiar with how you have set things up, but generally,
inserting a pre-processing filter is fairly easy.

BTW, you may consider just blocking all messages that contain
an executable attachment: .com, .exe, .pif, or .scr file extension.
For those times when sending an executable via email is legitimate,
the sender should zip up the file first.  This at least prevents
auto-execution when the attachment is opened.

--ewh
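
Added example, not part of the original message or of mharc: a pre-processing check for the extension rule suggested above, written in Python. The function names, the sample message and the exit-status convention are assumptions made for this illustration.

```python
import email
import sys
from email.utils import collapse_rfc2231_value

# Extensions listed in the message above.
BLOCKED = (".com", ".exe", ".pif", ".scr")

def declared_names(msg):
    """Yield every attachment name declared by any MIME part."""
    for part in msg.walk():
        # Read both parameters: a part can carry a different name in each
        # header, and mail clients may honour either one.
        for header, param in (("content-disposition", "filename"),
                              ("content-type", "name")):
            value = part.get_param(param, header=header)
            if value is not None:
                yield collapse_rfc2231_value(value)

def blocked_attachments(raw_bytes):
    """Return the declared names that end in a blocked extension."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    for name in declared_names(msg):
        # Windows ignores trailing dots and spaces, so "a.exe." is a.exe.
        normalized = name.strip().rstrip(". ").lower()
        if normalized.endswith(BLOCKED):
            hits.append(name)
    return hits

# Constructed sample: double extension, name given only in Content-Type.
SAMPLE = b"""\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="Document.txt.PIF"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    # Filter mode: message on stdin, exit status 1 when it should be held.
    sys.exit(1 if blocked_attachments(sys.stdin.buffer.read()) else 0)
```

Run as a filter, it reads one message on stdin and exits 1 when a blocked name is found, so the delivery step in front of mharc can hold the message before it reaches the spool.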
