> Yep, as the OP is using postfix, he could use the > header_checks directive, > which can identify MIME headers, so he can easily stop this worm. > Just check for Content-Disposition header and block > everything with .pif in > filename.
Thought about that, but doesn't quite work. The headers only say multipart/mime. The .pif part comes later in the attachment. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html