
Re: Sieve script to filter today's MS annoyances



Kirk Strauser said:
> That was way too simple.  I've been growing the script as false negatives
> trickle in, and the current results are below.  By the way, I've come to
> the realization that filtering this with pattern matching is probably an
> exercise in futility, but it's still fun to try (and it's blocking several
> hundred mails per hour, so that's kind of worthwhile).
>

Filtering spam is good :)

How's this for simple, just block/filter all email with the body content
matching this regexp:

/^\s*(Content-(Disposition|Type))?.*(file)?name=".+\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|xl)".*/

I got the idea from:
http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml

I think it could be tightened up a little more, but it's better (for me)
than accepting attachments of all those types. I've got Postfix rejecting
these files with a message to zip them if the sender needs to get me the
file.

That only helps me against the obvious virus sources, not against
mime-type spoofing or scripting. Nor does it help against normal spam. I
have a procmail-invoked Razor check going, but it has some issues. 1) It
checks when the email is received rather than minutes/hours later like the
SpamNet Outlook client. 2) It returns a single status for the whole
message (the version I have installed anyway) so it filters when people
use a spam reported background or footer image.

Someday I'll get annoyed enough to try SpamAssassin again with some of the
new filters you can hook to it.

-- 
Jacob
Trying out SquirrelMail
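
The following is an added example, not part of the original message: it runs the pattern from the post over constructed sample lines to show what the rule rejects, what it lets through, and one false positive. The names `blocked_extension` and `classify` and all sample lines are made up for illustration, and it assumes each line is tested on its own.

```python
import re

# Pattern copied from the post. Postfix regexp/pcre lookup tables match
# case-insensitively by default, which re.IGNORECASE mirrors here.
ATTACHMENT_RE = re.compile(
    r'^\s*(Content-(Disposition|Type))?.*(file)?name=".+\.'
    r'(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?'
    r'|sh[mbs]|vb[esx]|ws[fh]|xl)".*',
    re.IGNORECASE,
)


def blocked_extension(line):
    """Return the lower-cased extension that triggers the rule, or None."""
    m = ATTACHMENT_RE.match(line)
    return m.group(4).lower() if m else None


# Constructed sample lines (not taken from real mail), one per case.
SAMPLES = [
    ("mime header", 'Content-Disposition: attachment; filename="document.pif"'),
    ("upper case", 'Content-Type: application/octet-stream; name="Details.SCR"'),
    ("folded line", '\tfilename="your_details.vbs"'),
    ("double extension", 'Content-Disposition: attachment; filename="invoice.doc.exe"'),
    # The post asks senders to zip files: a .zip name passes the rule.
    ("zipped", 'Content-Disposition: attachment; filename="report.zip"'),
    ("image", 'Content-Type: image/jpeg; name="photo.jpg"'),
    # Ordinary prose: rejected because the Content- prefix is optional.
    ("prose false positive", 'In the form, set the input to name="setup.exe" and save.'),
]


def classify(samples=SAMPLES):
    """Map each sample label to the extension that got it rejected (or None)."""
    return {label: blocked_extension(line) for label, line in samples}


if __name__ == "__main__":
    for label, ext in classify().items():
        print(f"{label:22} {'REJECT .' + ext if ext else 'pass'}")
```
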


