Subject: Re: Postfix abused as a relay?
To: None <netbsd-help@netbsd.org>
From: MLH <mlh@goathill.org>
List: netbsd-help
Date: 01/27/2004 08:58:25
Herb Peyerl wrote:

> Richard Rauch wrote:
> > The present case appears to be a virus or worm.  I received two copies
> > to my real address, and about 35 to 40 to numerous bogus addresses at my
> > mail server.  The bogus ones bounced off to random places (except for
> 
> Yeah, I've got about 20 in the last 12 hours to my real address. No
> idea how many to bogus addresses.

I'm starting to get bounced messages that are supposedly coming
from my domain (in addition to the rejected .zip file messages)
but there is no record of contacting the server which is complaining
so I don't think my Postfix is relaying.

 Return-Path: <postmaster@thestate.com>

 Warning to Sender:  This notification has been sent to inform you
 that the message you sent to andrew@thestate.com : Subject: hi ;
 at Tue Jan 27 09:38:53 2004 ; was rejected by our messaging system
 virus/content filter/attachment blocking filter.  If you feel you
 have received this message in error, please contact your e-mail
 administrator for additional information.

AFAICT, all unknown destinations sent to my domain are rejected
properly.

.. 
> Personally, I just added the first few mime64 bytes of the .zip
> file into my /etc/postfix/body_checks :
> 
> /^TVqQAAMA/     REJECT Sorry.  No executables please.
> /^UEsDBAoAAA/  REJECT Sorry. No viruses please.

Or add it to the Swen worm header_checks:

/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)/ REJECT Sorry, we do not accept .${3} file types.

Starting to look like we'll end up having to kill all mime attachments
and go back to just text-based email. :^)
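
The following is an added example, not part of the original post: a Python check of which attachments the two quoted body_checks prefixes and the header_checks rule actually cover. The sample file headers and MIME header lines are constructed, and `re.IGNORECASE` is used on the assumption that the Postfix tables run with their default case-insensitive matching.

```python
import base64
import re

# Patterns quoted in the thread. Postfix regexp tables match case-insensitively
# by default (assumption stated above), so re.I mirrors that here.
BODY_CHECKS = [
    (re.compile(r"^TVqQAAMA", re.I), "Sorry.  No executables please."),
    (re.compile(r"^UEsDBAoAAA", re.I), "Sorry. No viruses please."),
]
HEADER_CHECK = re.compile(
    r"^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe"
    r"|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh|zip)",
    re.I,
)

def first_b64_line(payload: bytes) -> str:
    """First 76-column line of the base64 body, as a MIME encoder emits it."""
    return base64.encodebytes(payload).decode("ascii").splitlines()[0]

def body_verdict(payload: bytes):
    """REJECT text of the first body_checks rule that matches, else None."""
    line = first_b64_line(payload)
    for pattern, text in BODY_CHECKS:
        if pattern.search(line):
            return text
    return None

def header_verdict(header: str):
    """REJECT text with ${3} expanded to the matched extension, else None."""
    m = HEADER_CHECK.search(header)
    return f"Sorry, we do not accept .{m.group(3)} file types." if m else None

# Constructed sample inputs: file headers only, padded with zero bytes.
PE_STUB = b"MZ\x90\x00\x03\x00\x00\x00" + bytes(56)
ZIP_V10_STORED = b"PK\x03\x04\x0a\x00\x00\x00\x00\x00" + bytes(54)
ZIP_V20_DEFLATE = b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + bytes(54)

if __name__ == "__main__":
    for name, blob in [("PE", PE_STUB), ("zip v1.0 stored", ZIP_V10_STORED),
                       ("zip v2.0 deflate", ZIP_V20_DEFLATE)]:
        print(f"{name:18} {first_b64_line(blob)[:12]}  ->  {body_verdict(blob)}")
    for hdr in ['Content-Disposition: attachment; filename="data.zip"',
                'Content-Type: text/plain; charset="us-ascii"']:
        print(f"{hdr}  ->  {header_verdict(hdr)}")
```

The `UEsDBAoAAA` prefix encodes the ZIP local-header signature followed by version-needed 1.0 and zero flags, so an archive written with a different version field encodes differently and is only caught by the filename rule in header_checks.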