From: Robert Dalton (supportaccesswest.com)
Date: Tue Jun 05 2001 - 02:16:49 CDT

    Hello,

    I hope the following examples illustrate how to filter viruses using
    postfix, with posix regular expressions (not PCRE). If anyone finds
    problems with these expressions please report them to me.

    ---
    

    These filter file extensions such as .vbs, .js, .pif, .scr, etc. (Note that they will catch all file extensions listed below, even double-extension files such as bla-bla.txt.pif.)

    /(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
    /(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT

    Filter Happy99.exe, Navidad.exe, and prettypark.exe as file attachments:

    /(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT

    More examples:

    /(filename|name)="(pretty park|zipped_files|flcss)\.exe"/ REJECT
    /(filename|name)="(Msinit|wininit|msi216)\.exe"/ REJECT
    /(filename|name)="(Avp_updates|Qi_test|Anti_cih)\.exe"/ REJECT
    /(filename|name)="(Emanuel|kmbfejkm|NakedWife)\.exe"/ REJECT
    /(filename|name)="(Seicho_no_ie|JAMGCJJA|Sulfnbk)\.exe"/ REJECT

    Catch the KAK worm and the KAK B variant hidden in the body of a message:

    /(kak|day)\.(reg|hta)/ REJECT

    ---

    Robert Dalton (SysAdmin)

    AccessWest.com 435-586-WEST

    - To unsubscribe, send mail to majordomopostfix.org with content (not subject): unsubscribe postfix-users
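
Added example, not part of the original message: a small Python harness that loads rules in the `/pattern/ ACTION` form posted above and runs constructed header and body lines through them, so both the intended matches and an over-broad match of the KAK body rule can be checked before deployment. Python's `re` stands in for Postfix's POSIX regex engine (an assumption that holds for these simple patterns), matching is case-insensitive as in a Postfix regexp table by default, and `load_table`, `lookup` and the sample lines are illustrative.

```python
import re

# Rules copied from the message above, one per line as a Postfix regexp
# table expects them (header rules and the body rule kept separate).
HEADER_RULES = r'''
/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT
/(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT
'''
BODY_RULES = r'''
/(kak|day)\.(reg|hta)/ REJECT
'''

def load_table(text):
    """Parse '/pattern/ ACTION' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(\S.*)$", line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        # Postfix regexp tables match case-insensitively unless told otherwise.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, line):
    """Return the action of the first rule that matches, else None."""
    for rx, action in rules:
        if rx.search(line):
            return action
    return None

HEADERS = load_table(HEADER_RULES)
BODY = load_table(BODY_RULES)

# Constructed sample lines, not taken from real mail.
SAMPLES = [
    (HEADERS, 'Content-Disposition: attachment; filename="bla-bla.txt.pif"'),
    (HEADERS, 'Content-Type: application/octet-stream; name="HAPPY99.EXE"'),
    (HEADERS, 'Content-Disposition: attachment; filename="report.pdf"'),
    (BODY, 'C:\\WINDOWS\\kak.hta'),
    (BODY, 'See you on Monday.Regards, Alice'),  # benign text, still rejected
]

if __name__ == "__main__":
    for table, line in SAMPLES:
        print(f"{lookup(table, line) or 'pass':7} {line}")
```

The last sample shows that the body pattern, being unanchored, also rejects ordinary text containing "day.reg", which is worth weighing before enabling it in `body_checks`.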