[Nolug] s0big virus got you down?

From: Joey Kelly <joey_at_joeykelly.net>
Date: Wed, 27 Aug 2003 01:58:54 +0000
Message-Id: <200308270659.h7R6x5007814@vkh.joeykelly.net>

Hey all,

Want to get rid of all the s0big virus bounces? For those of you running
SpamAssassin, here are some rules to put in your
/etc/mail/spamassassin/local.cf file. Also there is a bit about procmail here
as well, but I'm sending the offenders to /dev/null ;-).

You can put the rules in your ~.spamassassin/user_prefs file, but you'd have
to turn on the ability to do this in the local.cf file anyway; plus the rules
would be recompiled for each email it processed, which is way too much
overhead. Also this is a security risk if spamd runs as root.

http://www.exit0.us/index.php/VirusBounceRules

Incidently, you'll notice that I'm purposely munging the virus name: the
rules assume that any mention of the virus in your incoming email is a bad
thing. If you're monitoring lists and expect such traffic, either whitelist
the addresses in your user_prefs file, or hunt down the appropriate rule and
change it.

If you want to block attachments (and therefore most viruses), see my earlier
email (I'm still looking for a comprehensive list of file extensions to
block).

-- 
Joey Kelly
< Minister of the Gospel | Computer Networking Consultant >
http://joeykelly.net
"Democracy is two wolves and a lamb voting on what to have for lunch.
Liberty is a well-armed lamb contesting the vote."
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/27/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST