Jarno Elonen <elonen@iki.fi> wrote, "I wrote a helpful Python script this morning and have successfully filtered about 60(!) virus mails with it today already. http://elonen.iki.fi/code/misc-notes/mpartinfo2hdr/"

It's a neat little program, testing for the true file-type sent. For an individual user without access to something like Amavisd-new, it's a valuable little script. However, for 90% of the viruses and spam out there, some simple procmail scripting would be good enough. e.g.

# Example killfile
:0 HB
# Initial Score
* -99^0
# Attachments -- Viruses & spam are often HTML pages.
# They may embed "wav" or some such in the mime type, but
# usually viruses have an executable M$ extension, they still
# have the executable attachment suffix.
* 50^1 ^Content-Type.*(html|word|excel|zip-compressed|x-msdownload)
* 20^1 ^Content-Type.*(gif|jpe?g)
* 50^1 ^Content-Type.*(wav|mpe?g|avi|vid|ram)
* 75^1 ^Content-Type.*(exe|scr|pif|bat|com|vbs)
# Some spam and viruses exclude headers
* 20^0 ! ^From:
* 20^0 ! ^To:
* 20^0 ! ^Subject:
# Well known virus headers
* 75^1 ^From.*big@boss
# Don't feed the trolls
* 20^1 ^From:.*troll@underbridge\.net
# Thread killing -- effective when paired w/trolls
* 80^1 ^Subject:.*Stupid Thread
{
    LOG="X-Kill-Score: $=
"

    # Deliver to the Great BitBucket
    :0
    /dev/null
}

-- 
Chad Walstrom <chewie@wookimus.net>           http://www.wookimus.net/
           assert(expired(knowledge)); /* core dump */
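To check what the killfile in the message above would discard before pointing it at /dev/null, this added example (not part of the original message) approximates procmail's weighted scoring in Python: the n-th match of a `w^x` condition adds w*x^(n-1), a negated condition adds w once when the pattern is absent, and the recipe fires only on a positive total. The sample messages are constructed, and Python's `re` stands in for procmail's regex engine, so header unfolding and procmail's own matching details are not modelled.

```python
import re

# The killfile's conditions as (weight, exponent, negated, regex) tuples.
KILLFILE = [
    (-99, 0, False, r""),  # initial score: the empty regex always matches
    (50, 1, False, r"^Content-Type.*(html|word|excel|zip-compressed|x-msdownload)"),
    (20, 1, False, r"^Content-Type.*(gif|jpe?g)"),
    (50, 1, False, r"^Content-Type.*(wav|mpe?g|avi|vid|ram)"),
    (75, 1, False, r"^Content-Type.*(exe|scr|pif|bat|com|vbs)"),
    (20, 0, True, r"^From:"),
    (20, 0, True, r"^To:"),
    (20, 0, True, r"^Subject:"),
    (75, 1, False, r"^From.*big@boss"),
    (20, 1, False, r"^From:.*troll@underbridge\.net"),
    (80, 1, False, r"^Subject:.*Stupid Thread"),
]

def kill_score(message, rules=KILLFILE):
    """Approximate the recipe's final score ($=) over header and body (HB)."""
    score = 0
    for weight, exponent, negated, pattern in rules:
        # procmail matches case-insensitively; ^ anchors at every line start
        hits = len(re.findall(pattern, message, re.I | re.M))
        if negated:
            score += weight if hits == 0 else 0
        else:
            # the n-th match contributes weight * exponent**(n-1)
            score += sum(weight * exponent ** n for n in range(hits))
    return score

def is_killed(message):
    return kill_score(message) > 0  # recipe fires only on a positive score

# Constructed sample: ordinary HTML mail with three photos attached.
PHOTOS = ("From: friend@example.org\nTo: me@example.org\nSubject: Holiday photos\n"
          "Content-Type: multipart/mixed; boundary=b\n\n"
          "--b\nContent-Type: text/html\n\n<p>hi</p>\n"
          + 3 * "--b\nContent-Type: image/jpeg\n\n(image data)\n")

# Constructed sample: headers shaped like the mail the killfile targets.
WORM_LIKE = ("From: big@boss.example\nTo: me@example.org\nSubject: Hi\n"
             "Content-Type: multipart/mixed; boundary=b\n\n--b\n"
             'Content-Type: audio/x-wav; name="readme.exe"\n\n(attachment)\n')

if __name__ == "__main__":
    for name, msg in (("photos", PHOTOS), ("worm-like", WORM_LIKE)):
        print(name, kill_score(msg), "killed" if is_killed(msg) else "kept")
```

The photo mail scores -99 + 50 + 3*20 = 11 and would be discarded along with the worm-like one, which is the kind of false positive worth finding while the recipe still delivers to a quarantine folder instead of /dev/null.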