* Willem-Jan Meijer (willem-jan@computerdokter-groenlo.nl) [030927 06:54]: > My antivirus is working well, but all those MS mails are very annoying > Better delete before seeing it :) Consider, at least temporarily, blocking anything with an exe attachment at smtp time. I started this a few days ago on my mail server (after clearing it with all of my users first, of course -- I'm not _that_ much of a BOFH) and it's been great. I'm using exim4. Andreas Metzler's packages (the stable backports) include exiscan-acl. I wonder how I ever lived without it! Now I've got a multi-tiered approach. Black- and white-lists, block all exe:vbs:scr:... attachments, and everything else goes through clamav. All at smtp time. So far, this has reduced the annoyance to the misplaced bounces; we haven't seen any of the actual virus here at all. (My rejectlog is getting large, though ;) I did think (and still do think) that filename-based-blocking is pretty lame, but recently it's been saving my clamscan from GiB of traffic. All of my users said that they don't expect any attachments of those extensions anyway, and have expressed relief at being able to use their email again. I'll probably lift the filename-based-block once the noise dies down (if it ever does ... let's see a show of hands of those who still get nimda nad code red in their error_logs!) and just leave it up to clam -- which by the way, was recognizing the virus as Gibe.F from the first day, as quick as the "big boys". Kudos to the clam team and community! good times, Vineet -- http://www.doorstop.net/ -- http://www.doorstop.net/sprintpcs_sucks
Attachment:
pgpS50JJ5GVDZ.pgp
Description: PGP signature