On Wed, 11 Feb 2004, Raquel Rice wrote:
> It may be better to filter viruses with an anti-virus filter, like
> ClamAV. Failing that, maybe filtering using procmail, like:
>
> :0B
> * name=.*(\.exe$|\.scr$|\.pif$|\.bat$)
> {
> :0 $Lock
> $VIRS_BOX
> }
For the particular case of virus blocking, I agree that a real
anti-virus tool like ClamAV is the way go. (Using ClamAV here.)
However, be aware of the limitation of signature based anti-AV,
when a new breed of viri first arrives on the scene it will slip
right thru.
A heuristic based filter may actually be better in some cases.
(If the attachment MIME type is 'text|audio|image|video' and file
extension == executable, KILL ;)
However for the general case, there may be other reasons why somebody
might want to SA filter on some arbitrary part of a message.
procmail is not an option for everybody, for example on a gateway
that is a front-end for some other kind of mail system.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
