perry@piermont.com (Perry E. Metzger) writes:
> For many of us, the constant stream of Microsoft outlook viruses is
> just an annoyance rather than a threat, but it is a big annoyance none
> the less. I find the following in the header_checks of my postfix
> configuration nicely kills all such garbage before it hits me:
> 
> /^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)/     REJECT Sorry, we do not accept .${3} file types.
> 
> It works with any postfix past the 2.0 release, and works very nicely.

You might also have to duplicate that in the body_checks.  I've gotten
a few messages where the MIME was broken.

Now if only there was a virus-DNSBL I could use to block the message
before it chews into my bandwidth.  I already see a spike of 300MB
above the normal levels for my incoming ifstats.  This is going to be
one expensive virus to the net at large.

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/