Linux Users' Group of Davis (LUGOD)

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Virus deluge


On Tue, Jan 27, 2004 at 05:35:12AM -0800, Rod Roark wrote:
> I just created and installed a Postfix remedy for the latest
> MS malware outbreak, and thought I'd pass it on.  I'm seeing
> a VERY high rate of connections from machines infected with
> this stuff.
> 
> In main.cf, insert this:
> 
> body_checks=pcre:/etc/postfix/virus_body_checks
> 
> Create a file virus_body_checks containing this:
> 
> /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Emails with Microsoft executable attachments are not allowed here.
> /^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.
> 
> If anyone has an improved solution, let me know, but this
> seems to work.

Thanks! It's working for me. The attachments come in, but they don't
even hit procmail. 

Something that plays nicely with this is to set 

local_recipient_maps = $alias_maps, unix:passwd.byname

so that messages to invalid recipients get rejected in the SMTP
conversation. By default on Debian Woody (postfix 1.1.11), messages get
accepted for any user, and if the user is invalid, Postfix generates a
bounce message and sends it out. 

Rejecting the message early saves 2*(message size) in bandwidth. This
gets significant with large worms. 

Note that this is now the default in Postfix 2.0. (About time, IMHO.) It
used to be a FAQ back in the Postfix 1.x days, but it took me a fair bit
of Googling before I found an old Postfix 1.x FAQ that explained it. 

That old FAQ is at
<http://www.muehlgasse.de/doc/packages/pfixtls/html/faq.html>. 

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/

Attachment: pgp00016.pgp
Description: PGP signature
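To show why the first body_checks rule quoted above catches executable attachments, here is an added example (not code from either poster) that emulates how Postfix applies body_checks, one body line at a time with the first matching rule winning, against a constructed message carrying a base64-encoded MS-DOS/PE stub header. The `body_checks`, `encode_attachment` and `constructed_message` names and the sample bytes are assumptions made for this illustration.

```python
import base64
import re

# The rule from the quoted post. Postfix tests the pattern against each body
# line in turn; the first rule that matches decides the action. In PCRE, "\/"
# is simply a literal slash.
BODY_CHECKS = [
    (re.compile(r"^TVqQAAMAAAAEAAAA\/\/8AALg"),
     "REJECT Emails with Microsoft executable attachments are not allowed here."),
]


def body_checks(body_lines, rules=BODY_CHECKS):
    """Emulate Postfix body_checks: return the action of the first rule that
    matches any body line, or None when nothing matches (message accepted)."""
    for line in body_lines:
        for pattern, action in rules:
            if pattern.search(line):
                return action
    return None


# Constructed sample: the first 17 bytes of a typical MS-DOS/PE stub header
# (e_magic "MZ", e_cblp 0x90, e_cp 3, e_crlc 0, e_cparhdr 4, e_minalloc 0,
# e_maxalloc 0xFFFF, e_ss 0, e_sp 0xB8). Their base64 encoding begins with
# "TVqQAAMAAAAEAAAA//8AALg", which is exactly the prefix the rule anchors on.
MZ_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000b8")


def encode_attachment(data):
    """Base64-encode like a MIME encoder: 76-character lines, with the
    attachment data starting on a fresh line so '^' in the rule lines up."""
    b64 = base64.b64encode(data).decode("ascii")
    return [b64[i:i + 76] for i in range(0, len(b64), 76)]


def constructed_message(attachment):
    """Body lines of a constructed single-part message with one attachment."""
    return [
        'Content-Type: application/octet-stream; name="doc.exe"',
        "Content-Transfer-Encoding: base64",
        "",
        *encode_attachment(attachment),
    ]
```

Because the rule is a byte-exact fingerprint of one common stub header, it is a cheap filter for the worm traffic the post describes rather than a general executable detector, and it relies on the attachment's base64 starting at a line boundary, which standard MIME encoders guarantee.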


