As I'm sure most people in here are, we're getting lots of bounces of worm messages our users didn't send. Can't be helped, really, but unfortunately, we've been getting quite a few from people using qmail (misconfigured, i assume) which bounces the entire message back, and doesn't do any sort of mime work, just sticks a few lines on the top.
All well and good, I suppose, but since it's not really a mime message, amavis-ng and clamav don't find the virus. Of course, outlook and outlook express don't decode it either. However, one of my customers uses popfile, and popfile does. So that customer (who's been getting quite a few, as one of the ISPs in the kingdom runs a very broken qmail installation) is a little concerned. I'm about to make a "signature" to be placed into postfix as a content check. I'm sure I can get it to work for this one worm, but I wonder if anyone's got a more generic way of doing things. Any ideas? Pulu ---- Afe.to ANTS POB 1478 Nuku'alofa, Tonga Ph: Country code 676 - 27946 or 878-1332 http://www.afe.to http://svcs.affero.net/rm.php?r=pulu ------------------------------------------------- This mail sent from Tonga's Premiere Internet Cafe Visit us online at http://www.cafe.afe.to discussions @ http://www.nomoa.com/index.php generic info @ http://www.tongatapu.net.to