From: Robert Dalton (supportaccesswest.com)
Date: Tue Jun 05 2001 - 02:24:45 CDT

    (Sorry......The Neohapsis archive shrunk important text in my last post)

    Hello,

    I hope the following examples illustrate how to filter viruses using
    postfix, with posix regular expressions (not PCRE). If anyone finds
    problems with these expressions please report them to me.

    These filter file extensions such as .vbs .js .pif .scr etc.
    (note that they will catch all file extensions listed below even
    double extension files such as: bla-bla.txt.pif)

    /(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
    /(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT

    Filter Happy99.exe, Navidad.exe, and prettypark.exe as file attachments:

    /(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT

    More examples:

    /(filename|name)="(pretty park|zipped_files|flcss)\.exe"/ REJECT
    /(filename|name)="(Msinit|wininit|msi216)\.exe"/ REJECT
    /(filename|name)="(Avp_updates|Qi_test|Anti_cih)\.exe"/ REJECT
    /(filename|name)="(Emanuel|kmbfejkm|NakedWife)\.exe"/ REJECT
    /(filename|name)="(Seicho_no_ie|JAMGCJJA|Sulfnbk)\.exe"/ REJECT

    Catch the KAK worm and the KAK B variant hidden in the body
    of a message:

    /(kak|day)\.(reg|hta)/ REJECT

    ---
    Robert Dalton (SysAdmin)
    

    AccessWest.com 435-586-WEST
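
A small harness for checking rules like the ones in the post before deploying them, added here as an example (it is not part of the original post). It uses Python's `re` as a stand-in for Postfix's POSIX regexp tables, which is safe for these patterns because they use only syntax common to both; the sample lines are constructed, and `load_rules`, `check` and `run` are hypothetical helper names.

```python
import re

# Rules copied from the post, in Postfix regexp-table form: /pattern/ ACTION
HEADER_RULES = r'''
/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT
/(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT
'''
BODY_RULES = r'''
/(kak|day)\.(reg|hta)/ REJECT
'''

def load_rules(text):
    """Parse '/pattern/ ACTION' lines into (compiled_regex, action) pairs."""
    rules = []
    for line in text.strip().splitlines():
        # Drop the leading '/', then split on the last '/' (the closing delimiter).
        pattern, _, action = line.strip()[1:].rpartition("/")
        # Postfix regexp tables match case-insensitively by default.
        rules.append((re.compile(pattern, re.IGNORECASE), action.strip()))
    return rules

def check(line, rules):
    """Return the action of the first matching rule, or None if nothing matches."""
    for regex, action in rules:
        if regex.search(line):  # unanchored search, as in a regexp table
            return action
    return None

# Constructed sample lines (not taken from real mail).
HEADER_SAMPLES = [
    'Content-Disposition: attachment; filename="bla-bla.txt.pif"',  # double extension
    'Content-Type: application/octet-stream; name="INVOICE.VBS"',   # upper-case extension
    'Content-Disposition: attachment; filename="report.txt"',       # benign attachment
    'Content-Disposition: attachment; filename=report.vbs',         # unquoted: rules expect quotes
]
BODY_SAMPLES = [
    r'C:\WINDOWS\kak.hta',           # file name the body rule targets
    'Settings are in birthday.reg',  # "day.reg" inside a longer word also matches
]

def run():
    header_rules, body_rules = load_rules(HEADER_RULES), load_rules(BODY_RULES)
    return ([check(s, header_rules) for s in HEADER_SAMPLES],
            [check(s, body_rules) for s in BODY_SAMPLES])

if __name__ == "__main__":
    for verdicts in run():
        print(verdicts)
```

On a Postfix host the same check can be made against the live table with `postmap -q "<line>" regexp:/path/to/table`, where the path is whatever file holds the rules.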