[Mimedefang] Using values in X- headers for filtering

Kelson Vibber kelson at speed.net
Wed Aug 20 16:32:02 EDT 2003


At 07:37 AM 8/20/2003, Murray Hunter wrote:
>All of these messages have
>the following header lines that seem to be specific to SO_BIG mails:
>X-MailScanner: Found to be clean
>X-Mailer: Microsoft Outlook Express 6.00.2600.0000

No, they're not specific to Sobig.  It's impersonating real MailScanner and 
Outlook Express headers.

If you block based on these, you will reject anything that comes through a 
server using MailScanner and everything that comes from that particular 
patch level of Outlook Express (and a quick search of my mail archives 
shows that it does exist).

In other words, you *really* don't want to do this - at least not based on 
these values.


Kelson Vibber
SpeedGate Communications <www.speed.net> 
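
The archive check described in the reply above, as an added example that is not part of the original post and is not MIMEDefang code: it runs a candidate header rule over known-legitimate mail and reports what the rule would have rejected. The archive messages, the `ExampleMail 1.0` mailer string and the function names are constructed for illustration; only the two header values come from the thread.

```python
import email

# Candidate rule from the thread: header values seen on the worm's mails.
CANDIDATE_RULE = {
    "X-MailScanner": "Found to be clean",
    "X-Mailer": "Microsoft Outlook Express 6.00.2600.0000",
}

# Constructed stand-ins for a known-legitimate mail archive.
HAM_ARCHIVE = [
    # 0: ordinary Outlook Express user
    "From: a@example.org\nSubject: Notes\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n\nHi\n",
    # 1: mail relayed through a server running MailScanner
    "From: b@example.org\nSubject: Invoice\n"
    "X-MailScanner: Found to be clean\nX-Mailer: ExampleMail 1.0\n\nHi\n",
    # 2: Outlook Express user behind a MailScanner server
    "From: c@example.org\nSubject: Lunch\n"
    "X-MailScanner: Found to be clean\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n\nHi\n",
    # 3: neither header
    "From: d@example.org\nSubject: Hello\n\nHi\n",
]


def matching_headers(raw_message, rule):
    """Return the rule's header names whose exact value appears in the message."""
    msg = email.message_from_string(raw_message)
    return [name for name, value in rule.items()
            if any(found.strip() == value for found in msg.get_all(name, []))]


def false_positives(archive, rule, require_all=False):
    """List (index, matched headers) for legitimate messages the rule would reject.

    require_all=False rejects on any one header; True only when every header matches.
    """
    rejected = []
    for index, raw in enumerate(archive):
        hits = matching_headers(raw, rule)
        if hits and (not require_all or len(hits) == len(rule)):
            rejected.append((index, hits))
    return rejected


if __name__ == "__main__":
    for mode in (False, True):
        hits = false_positives(HAM_ARCHIVE, CANDIDATE_RULE, require_all=mode)
        print("require_all=%s rejects %d of %d legitimate messages: %s"
              % (mode, len(hits), len(HAM_ARCHIVE), hits))
```

Even the stricter variant that requires both headers still rejects the legitimate Outlook Express user behind a MailScanner server, because a forged header is byte-for-byte the same as the genuine one.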



