
Re: Virus emails



On Mon, Sep 22, 2003 at 04:53:16PM +0200, Matthias Urlichs wrote:
> Hi, Mike Hommey wrote:
> > helps catching 95%... But the bandwidth is still used... I'm still
> > looking for a pure MTA solution...
> 
> A pure MTA solution would still need to scan the body and thus would still
> eat your bandwidth.

i have postfix's body_checks set up to reject lines that match the
following regular expression (this is the first line of the base64
encoded virus):

/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/

i'm not sure when postfix closes the connection, whether it's after
receiving a matching line, or after the client is done sending data. if
the former though, this would be a good "pure" mta solution that doesn't
conserve too much bandwidth.

as to effectiveness, i've blocked 664 messages since saturday afternoon.
i still get some swen messages through, but they have had the virus
stripped already, so the message is considerably smaller.

-- 
gram
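
An added example, not part of the original post: it decodes the line the posted pattern matches and runs the pattern line by line over constructed bodies. The 57 decoded bytes are the start of a DOS/PE "MZ" executable header, so any base64 attachment that begins with the same header bytes is rejected too. The helper names, the sample file and the repeat used for the trailing run of 'A's are assumptions made for this example.

```python
import base64
import re

# Pattern from the message above, in Postfix regexp-table syntax. Its trailing
# run of 'A's is written as a repeat (assumed 43, completing a 76-char line).
POSTED = r"/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQ" + "A" * 43 + "$/"

def to_regex(entry):
    """Drop the /.../ delimiters; the '\\/' escape is also valid in Python."""
    return re.compile(entry[1:-1])

def literal_line(entry):
    """The single body line the anchored pattern matches."""
    return entry[2:-2].replace("\\/", "/")

def first_hit(body, regex):
    """Test each line on its own, the way body_checks tests body lines.
    Return the 1-based number of the first matching line, or None."""
    for number, line in enumerate(body.splitlines(), 1):
        if regex.search(line):
            return number
    return None

def attachment_body(payload):
    """Constructed MIME part: part headers, blank line, 76-column base64."""
    return ("Content-Type: application/octet-stream\n"
            "Content-Transfer-Encoding: base64\n\n"
            + base64.encodebytes(payload).decode("ascii"))

# Constructed sample: a common 64-byte DOS header followed by filler text.
# It is not a real program and contains no malware.
MZ_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000"
                          "b8000000000000004000000000000000") + bytes(32)
BENIGN_EXE = MZ_HEADER + b"constructed filler, not a real program " * 4

if __name__ == "__main__":
    rx = to_regex(POSTED)
    header = base64.b64decode(literal_line(POSTED))
    print("decoded:", len(header), "bytes, magic", header[:2])
    print("benign exe hit at line:", first_hit(attachment_body(BENIGN_EXE), rx))
    print("plain text hit:", first_hit("hello\nsee attached report\n", rx))
```

Because the pattern is anchored to one full 76-column line, an attachment whose encoding starts one byte later or wraps at another width does not match it.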
