On Sun, 21 Sep 2003, Perry E. Metzger wrote:

> Wojciech Puchar <wojtek@tensor.3miasto.net> writes:
> > > > I've been slammed with a ton of worms the past two days.  What do
> > > > y'all recommend I use from pkgsrc to block them (using postfix)?
> > >
> > > you don't need anything from pkgsrc to block them. Postfix 2.0 and
> > > later have excellent scanning abilities built in.
> > >
> > > Just add:
> > >
> > > /^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)/     REJECT Sorry, we do not accept .${3} file types.
> > >
> > > to your header_checks file (and turn on header checks!) and you'll
> > > never see any Microsoft viruses ever again.
> > >
> > any rule for .procmailrc???
>
> I imagine a variation on that regular expression in a rule sending
> matches to the bit bucket would work fine -- you would need to grep
> the body explicitly (unless procmail groks mime, which I don't think
> it does).

Just having to written one:

:0 B:
* ^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)
rejectfile

Ron Roskens