[plug] filtering virus infected files
Peter Wright
pete at cygnus.uwa.edu.au
Mon May 8 11:33:59 WST 2000
On Mon, May 08, 2000 at 11:04:52AM +0800, Mike Hasleby wrote:
> Hi all,
>
> With the advent of yet another email virus in the guise of the “love
> bug” last week, am I wrong in suspecting that on our email servers we
> can put in a filter to siphon off message containing a string of text
> in the subject, and redirect it to /dev/null ?
Depends on the mail server to a degree.
> Is this possible or am I dreaming?
[ snip ]
Yes, it certainly _should_ be possible.
I have to admit however that I'm not sure of the specifics even for
sendmail, which is the only one I'm moderately familiar with. What
mailserver are you using?
[ snip, text moved around ... ]
> Thus eliminating the problem of known viruses before they get to
> their destination.
Ummmm....yeahhhh..... :)
Well, unless you were very precise on the regular expression you used,
you run the risk of cutting out legitimate messages as well (eg. a
message with the subject line "I love you" - or whatever it was that the
Love Bug supposedly had - might well be a geniune message), and you're
_not_ going to be certain of cutting out viruses, as they could easily
have their subject line changed.
Far far far better to educate users not to open attachments and/or to
have their email clients configured to always show the full filename
extension (so you don't have the .vbs file masquearading as a .txt
file).
> Mike Hasleby
> Computer Technician
Pete.
--
http://cygnus.uwa.edu.au/~pete/
--
ROBIN: (warily) And if you get a question wrong?
ARTHUR: You are cast into the Gorge of Eternal Peril.
ROBIN: Oh ... wacho!
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
More information about the plug
mailing list