I both block based on the attachment extensions and on an antivirus check.
But in both cases I do a bounce to the sender (with <attachment>none</attachment>) :
<processor name="root">
...
<!-- Check attachment extensions for possible viruses -->
<mailet
match="AttachmentFileNameIs=*.exe,*.com,*.bat,*.pif,*.scr,*.vbs,*.avi,*.mp3,*.mpeg,*.shs"
class="Bounce" onMatchException="noMatch">
<inline>heads</inline>
<attachment>none</attachment>
<passThrough>false</passThrough>
<prefix>[REJECTED]</prefix>
<notice>
The Security Policy of Xyz Corp. does not allow to forward messages containing
attachments having any of the extensions .exe, .com, .bat, .pif, .scr, .vbs, .avi,
.mp3, .mpeg, .shs, therefore your message has been rejected.
Please don't reply to this e-mail as it has been automatically sent by the antivirus
system.
Regards, Postmaster xyz.com
_____________________________________
</notice>
</mailet>
<!-- Check for viruses -->
<mailet match='IsInfected="C:\Program Files\Common Files\Network
Associates\VirusScan Engine\4.0.xx\scan" /analyze /noboot /nomem /noexpire /unzip
/report %reportFile% %targetDir%\*.tt, D:\Viruscheck, false, 13' class="ToProcessor"
onMatchException="noMatch">
<processor> virus </processor>
</mailet>
...
</processor>
...
<!-- messages containing viruses. -->
<processor name="virus">
<mailet match="All" class="Bounce">
<inline>heads</inline>
<attachment>none</attachment>
<notice> Warning: We were unable to deliver the attached message because
one or more attachments were found infected by viruses. </notice>
</mailet>
<mailet match="All" class="ToRepository">
<repositoryPath>file://var/mail/infected/</repositoryPath>
</mailet>
</processor>
Vincenzo
> -----Original Message-----
> From: Kenny Smith [mailto:[EMAIL PROTECTED]
> Sent: mercoledi 24 settembre 2003 19.18
> To: James Users List
> Subject: Re: worms
>
>
> I decided simply to block any message with dangerous attachments:
>
> <mailet
> match="AttachmentFileNameIs=*.scr,*.pif,message.zip,*.exe,*.vbs,*.bat"
> class="ToProcessor">
> <processor> spam </processor>
> </mailet>
>
>
> .scr .pif .exe .vbs and .bat files (in my overly strict and yet still
> humble opinion) have no business being attachments. If you need to send
> those, then they can be zipped and the recepient protected. As for
> message.zip, I threw that in there for SoBig. It might catch a legit
> email, but for my uses the simplicity of it outweighs the potential loss.
>
> Kenny
>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
