[Sderby] That's got to be a record!
David Jolley
sderby at mailman.lug.org.uk
Thu Aug 21 16:35:01 2003
Dominic Knight wrote:
>On Wednesday 20 August 2003 22:09, slh@f2s.com wrote:
>
>
>>>You'll be excited to note that today was our busiest day for
>>>messages. Unfortunately 45 of them were viruses that couln.t be
>>>approved. Only one was from a known member (hemstock@tiscali
>>>needs a virus checker) and we seem to have made it into many a
>>>company address book.
>>>
>>>
>>heehee,
>>
>>/me points at mike(hemstock) and sniggers
>>
>>being serious, i think the virus thats doing the rounds at the
>>moment spoofs email address, so that the sender is actually the
>>one who sent it. theyjsut get the blame.
>>
>>Ian
>>
>>
>Yeah, you're right, Mike's mail address was spoofed from a mail he
>posted in May (ID: 200305181952.59642 if you're interested in
>finding where they took it from Mike).
>Until they get bored, I will stop sending myself copies of messages
>waiting for approval and dump almost everything, please don't send
>any HTML or anything that will get caught by the spam filter as I am
>likely to miss it.
>
>Dom
>
>
>
On this note - or at least a very similar one, may I suggest that in the
onslaught of the latest virus, all you exim users nust need to create a
file with the contents:
------ Cut Here ------
# Exim Filter
if ($h_subject: is "Re: That movie" or
$h_subject: is "Re: Wicked screensaver" or
$h_subject: is "Re: Approved" or
$h_subject: is "Re: Details" or
$h_subject: is "Re: Re: My details" or
$h_subject: is "Re: Thank you!" or
$h_subject: is "Thank you!" or
$h_subject: is "Re: Your application" or
$h_subject: is "Your details")
then fail text "This message looks like a virus"
endif
------ Finish ------
and add a line in exim.conf (near the top) to reference the file thusly:
system_filter = /path/to/file-you-just-created
for version 4.x of exim and:
message_filter = /path/to/file-you-just-created
for 3.x (or so) of exim.
This will filter out all messages with the subject lines that the
Sobig.F virus is known to use. Filtering by content? Fine by me if
you're getting 2000 emails per day...
Cheers,
Dave