AW: [Full-Disclosure] Filtering sobig with postfix
vogt_at_hansenet.com
Date: 08/20/03
To: Valdis.Kletnieks@vt.edu
Date: Wed, 20 Aug 2003 15:37:06 +0200
> > /see attached file for details/ REJECT
> >
> > ever since, I've not had a single one coming through.
>
> The reason this one works for the worm writers is because it's
> standard English usage - as a result, it's *very* prone to false
> positives. And you give no indication of *why* the file was
> rejected, so the sender has no idea that if he re-sends but says
> "Hey check out the file for the long version" instead it will get
> through.
It ain't perfect, but it works. I'll probably remove it once
this storm has blown over. I wanted to share it because it is
easy to implement and works like a charm.
The improved version:
/see attached file for details/ 554 Refusing to accept your virus e-mail
should solve the problem that the sender has no idea why his
mail was rejected.
Tom Vogt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
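
Added example, not part of the message above and not Postfix's own code: a Python dry run of the improved rule against constructed message bodies, showing the false positive raised in the quoted reply and that a body check sees one line at a time. The parser, the sample bodies and all function names are assumptions made for this illustration; the action field is reported as written and is not validated against what Postfix accepts.

```python
import re

# The improved rule from the message, in Postfix regexp-table form.
RULES = "/see attached file for details/ 554 Refusing to accept your virus e-mail"

RULE_RE = re.compile(r"^/(?P<pat>.+)/(?P<flags>[a-z]*)\s+(?P<action>\S+)\s*(?P<text>.*)$")

def parse_rules(text):
    """Parse '/pattern/flags ACTION text' lines; actions are not validated."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        # regexp tables are case-insensitive by default; the 'i' flag toggles that
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"], m["text"]))
    return rules

def check_body(rules, body):
    """Return (line_no, action, text) for the first hit, else None.
    Each body line is checked on its own, so a phrase split by a line break is missed."""
    for no, line in enumerate(body.splitlines(), 1):
        for rx, action, text in rules:
            if rx.search(line):
                return (no, action, text)
    return None

# Constructed sample bodies (not captured mail).
SAMPLES = {
    "worm_like": "Please see attached file for details.\n",
    "legit_report": "Hi Bob,\nQ3 numbers are final, see attached file for details per region.\n",
    "reworded": "Hey check out the file for the long version\n",
    "wrapped": "Numbers are final, see attached file\nfor details per region.\n",
    "upper": "SEE ATTACHED FILE FOR DETAILS\n",
}

def run(rules_text=RULES):
    rules = parse_rules(rules_text)
    return {name: check_body(rules, body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in run().items():
        print(f"{name:13} {'pass' if hit is None else hit}")
```

On a live system the same question can be asked of the real table with `postmap -q - regexp:/etc/postfix/body_checks < sample.txt` (the table path here is an assumption).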