<mailet match="AttachmentFileNameIs=*.scr,*.pif,message.zip,*.exe,*.vbs,*.bat" class="ToProcessor">
<processor> spam </processor>
</mailet>
.scr .pif .exe .vbs and .bat files (in my overly strict and yet still humble opinion) have no business being attachments. If you need to send those, then they can be zipped and the recepient protected. As for message.zip, I threw that in there for SoBig. It might catch a legit email, but for my uses the simplicity of it outweighs the potential loss.
Kenny
Noel J. Bergman wrote:
How do you defend?
I use a regex matcher, and then if there is an attachment I block it.
I haven't tried it for this latest worm, but for other systems, someone had suggsted:
/^Subject:[ ]*((Current|La(te)?st|New(est)?) ?)(Critical|(Internet|Microsoft|Net(work)?)( Critical|Security)?) (Pack|Patch|Up(date|grade)) *$/o
I believe that our equivalent would be something like:
Subject:^.*((Current|La(te)?st|New(est)?) ?)(Critical|(Internet|Microsoft|Net(work)?)( Critical|Security)?) (Pack|Patch|Up(date|grade)).*$
But I haven't tried it.
--- Noel
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
