Jarno Elonen <elonen@iki.fi> wrote, "I wrote a helpful Python script
this morning and have successfully filtered about 60(!) virus mails with
it today already. http://elonen.iki.fi/code/misc-notes/mpartinfo2hdr/"

It's a neat little program, testing for the true file-type sent. For an
individual user without access to something like Amavisd-new, it's a
valuable little script. However, for 90% of the viruses and spam out
there, some simple procmail scripting would be good enough. e.g.

# Example killfile
:0 HB
# Initial Score
* -99^0
# Attachments -- Viruses & spam are often HTML pages.
# They may embed "wav" or some such in the mime type, but
# usually viruses have an executable M$ extension, they still
# have the executable attachment suffix.
* 50^1 ^Content-Type.*(html|word|excel|zip-compressed|x-msdownload)
* 20^1 ^Content-Type.*(gif|jpe?g)
* 50^1 ^Content-Type.*(wav|mpe?g|avi|vid|ram)
* 75^1 ^Content-Type.*(exe|scr|pif|bat|com|vbs)
# Some spam and viruses exclude headers
* 20^0 ! ^From:
* 20^0 ! ^To:
* 20^0 ! ^Subject:
# Well known virus headers
* 75^1 ^From.*big@boss
# Don't feed the trolls
* 20^1 ^From:.*troll@underbridge\.net
# Thread killing -- effective when paired w/trolls
* 80^1 ^Subject:.*Stupid Thread
{
LOG="X-Kill-Score: $=
"
# Deliver to the Great BitBucket
:0
/dev/null
}
--
Chad Walstrom <chewie@wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
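
An added illustration, not part of the original message: a Python approximation of how procmail's weighted scoring would total the killfile above against a few constructed messages. The function names and sample mail are assumptions; the scoring rule (the n-th match of a `w^x` condition adds w*x^(n-1), a negated condition adds w when nothing matches, and the recipe fires only on a positive total) follows procmailsc(5).

```python
import re

# Conditions transcribed from the killfile: (weight, exponent, negated, regex).
KILLFILE = [
    (50, 1, False, r"^Content-Type.*(html|word|excel|zip-compressed|x-msdownload)"),
    (20, 1, False, r"^Content-Type.*(gif|jpe?g)"),
    (50, 1, False, r"^Content-Type.*(wav|mpe?g|avi|vid|ram)"),
    (75, 1, False, r"^Content-Type.*(exe|scr|pif|bat|com|vbs)"),
    (20, 0, True, r"^From:"),
    (20, 0, True, r"^To:"),
    (20, 0, True, r"^Subject:"),
    (75, 1, False, r"^From.*big@boss"),
    (20, 1, False, r"^From:.*troll@underbridge\.net"),
    (80, 1, False, r"^Subject:.*Stupid Thread"),
]
INITIAL_SCORE = -99  # the "* -99^0" condition


def kill_score(message):
    """Approximate procmail w^x scoring over header and body (flags HB)."""
    score = INITIAL_SCORE
    for weight, exponent, negated, pattern in KILLFILE:
        # procmail is case-insensitive by default; "^" anchors at each line.
        hits = sum(1 for _ in re.finditer(pattern, message, re.I | re.M))
        if negated:
            score += weight if hits == 0 else 0
        else:
            # The n-th match adds weight * exponent**(n-1); 0**0 is 1 in Python.
            score += sum(weight * exponent ** n for n in range(hits))
    return score


def is_killed(message):
    """The recipe fires (delivery to /dev/null) only when the score is positive."""
    return kill_score(message) > 0


# Constructed sample messages, not real mail.
HDR = "From: a@example.org\nTo: b@example.org\nSubject: hello\n"
PLAIN = HDR + "Content-Type: text/plain\n\nSee you at noon.\n"
DROPPER = (HDR + "Content-Type: multipart/mixed; boundary=\"b1\"\n\n--b1\n"
           "Content-Type: text/html\n\n<html>open the attachment</html>\n--b1\n"
           "Content-Type: application/x-msdownload; name=\"patch.exe\"\n\nMZ\n--b1--\n")
BARE = "Received: from mx.example.net\nContent-Type: text/html\n\n<html>buy</html>\n"
ZIP = HDR + "Content-Type: application/x-zip-compressed; name=\"logs.zip\"\n\nPK\n"

if __name__ == "__main__":
    for name in ("PLAIN", "DROPPER", "BARE", "ZIP"):
        print(name, kill_score(globals()[name]), is_killed(globals()[name]))
```

The ZIP sample ends up positive because the unanchored alternative `com` also matches inside `zip-compressed`, so a single archive attachment collects both the 50 and the 75 weight. Dry-running a killfile against saved mail like this shows such substring matches before anything is routed to /dev/null.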