Subject: Re: handy anti-virus-mail hint
To: Perry E. Metzger <perry@piermont.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 09/19/2003 12:37:04
In message <87k784sr1k.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>For many of us, the constant stream of Microsoft outlook viruses is
>just an annoyance rather than a threat, but it is a big annoyance none
>the less. I find the following in the header_checks of my postfix
>configuration nicely kills all such garbage before it hits me:
>
>/^Content-(Type|Disposition):.*(file)?name=.*\.(asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)/     REJECT Sorry, we do not accept .${3} file types.
>
>It works with any postfix past the 2.0 release, and works very nicely.
>
>

I use this in procmail:

MIMEINFO=`/usr/pkg/bin/reformime -i`
:0
* MIMEINFO ?? ^content-name:.+[~.](asd|bat|chm|cmd|com|dll|exe|hlp|hta|js|jse|lnk|ocx|pif|scr|shb|shm|shs|vb|vbe|vbs|vbx|vxd|wsf|wsh)$
/dev/null

It's an advantage for me since I don't control most of the mail servers 
I use.  (reformime is in the maildrop package.)

		--Steve Bellovin, http://www.research.att.com/~smb
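
The same delivery-time check as the procmail recipe above, written as an added Python example; it is not code from either poster. It parses the MIME structure instead of matching raw header text and compares only the final extension of each attachment name. The function name and the sample message are constructed for illustration.

```python
import email

# Extension list copied from the two recipes in this thread.
BLOCKED = frozenset(
    "asd bat chm cmd com dll exe hlp hta js jse lnk ocx pif scr shb shm shs "
    "vb vbe vbs vbx vxd wsf wsh".split()
)

# Constructed sample message (not real mail): one harmless name that merely
# contains ".com", one upper-case name, one RFC 2231-encoded name.
SAMPLE = b"""\
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

hello
--XX
Content-Type: application/octet-stream; name="README.community.txt"

x
--XX
Content-Disposition: attachment; filename="Report.PIF"

x
--XX
Content-Disposition: attachment; filename*=utf-8''r%C3%A9sum%C3%A9.scr

x
--XX--
"""

def blocked_attachments(raw: bytes) -> list:
    """Return the names of MIME parts whose final extension is on the list."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        # get_filename() reads Content-Disposition filename=, falls back to
        # Content-Type name=, and decodes RFC 2231 parameters.
        name = (part.get_filename() or "").strip()
        ext = name.rpartition(".")[2].lower() if "." in name else ""
        if ext in BLOCKED:  # final extension only: ".community.txt" passes
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Run from a delivery agent, a non-empty result would take the place of the /dev/null action in the recipe.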