Re: Body checks for Bagle virus not working
From: Alex van den Bogaerdt (alex ergens.op.het.net)
Date: Fri Mar 05 2004 - 05:15:15 CST
On Fri, Mar 05, 2004 at 06:08:59PM +0800, Peter Santiago wrote:
> >> I copied two patterns from someone's post here to filter out Bagle
> >> infected email
> >>
> >> /^UEsDBAoAAAAAA/ DISCARD VIRUS (w32/bagle)
> >> /^UEsDBAoAAQAAA/ DISCARD VIRUS (w32/bagle encrypted)
> >
> > What does
> > postconf body_checks
> > tell you?
>
> postconf body_checks
> body_checks = pcre:/etc/postfix/body_checks.pcre
>
> Is this what you wanted?
Well, that's what YOU want, but yes, I was wondering if you did
actually call the body checks.
If you added the patterns to /etc/postfix/body_checks.pcre then
they should be checked.
Check with:
grep UEsDBAoAAAAAA /etc/postfix/body_checks.pcre
I'm not sure if the (w32/bagle) does any harm. Maybe you can leave
it out, change the lines to
/^UEsDBAoAAAAAA/ DISCARD virus w32 bagle
/^UEsDBAoAAQAAA/ DISCARD virus w32 bagle encrypted
I'm used to putting a tab in between / and DISCARD. Perhaps that's
something to try as well.
HTH
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
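
Added example, not part of Alex's message or the thread: a Python check of what the two quoted patterns actually pin down. It builds constructed ZIP local file headers and shows that the patterns match the first base64 line of a version 1.0, stored (uncompressed) ZIP with or without the encryption flag, and nothing else; the helper names and sample headers are assumptions of this example.

```python
import base64
import re
import struct

# The two patterns quoted in the thread. Postfix pcre tables match
# case-insensitively by default, so re.I mirrors that behaviour.
PATTERNS = {
    "w32/bagle": re.compile(r"^UEsDBAoAAAAAA", re.I),
    "w32/bagle encrypted": re.compile(r"^UEsDBAoAAQAAA", re.I),
}

def zip_local_header(version, flags, method, name=b"sample.exe"):
    """Constructed 30-byte ZIP local file header plus name (time, CRC, sizes zeroed)."""
    return struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", version, flags, method,
                       0, 0, 0, 0, 0, len(name), 0) + name

def first_body_line(raw):
    """First base64 line of the attachment, where the ZIP header lands."""
    return base64.encodebytes(raw).splitlines()[0].decode("ascii")

def matches(line):
    """Labels of the thread's patterns that match one body line."""
    return [label for label, rx in PATTERNS.items() if rx.search(line)]

def decode_prefix(pattern_text):
    """Turn a pattern's base64 literal back into the ZIP header fields it pins."""
    literal = pattern_text.lstrip("^")[:12]  # 12 base64 chars = 9 whole bytes
    sig, version, flags = struct.unpack("<4sHH", base64.b64decode(literal)[:8])
    return {"signature": sig, "version": version, "encrypted": bool(flags & 1)}

if __name__ == "__main__":
    # Constructed samples: (version needed, general-purpose flags, method)
    samples = {
        "v1.0 stored": (10, 0, 0),
        "v1.0 stored, encrypted": (10, 1, 0),
        "v1.0 deflated": (10, 0, 8),
        "v2.0 deflated": (20, 0, 8),
    }
    for label, fields in samples.items():
        line = first_body_line(zip_local_header(*fields))
        print(f"{label:24} {line[:16]}  ->  {matches(line) or 'no match'}")
    for rx in PATTERNS.values():
        print(rx.pattern, decode_prefix(rx.pattern))
```

The patterns therefore flag any ZIP attachment of that shape, not only Bagle. To test a line against the live table, `postmap -q "<line>" pcre:/etc/postfix/body_checks.pcre` prints the action when a pattern matches.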