[Mimedefang] How to discard mail silently when it contains bad attachments
wrolf.courtney at donovandata.com
wrolf.courtney at donovandata.com
Tue Aug 26 13:07:01 EDT 2003
You may want to put the following in /etc/mail/mimedefang-filter in filter:
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
return action_discard();
}
Immediately before "#Virus scan".
This way you will throw out the Sobig etc. viruses before having to run
your virus scanner.
Wrolf Courtney
Donovan Data Systems, Inc.
(212) 633-5470
Russ GilmanHunt
<rgilmanhunt at hotp.com> To: MIMEDefang list <mimedefang at lists.roaringpenguin.com>
Sent by: cc:
mimedefang-admin at lists.roaring Subject: Re: [Mimedefang] How to discard mail silently when it contains bad
penguin.com attachments
08/26/2003 12:18 PM
Please respond to mimedefang
On Mon, 2003-08-25 at 06:49, John.Mathews at events.wvu.edu wrote:
> Sobig.f is killing us here. The problem isn't finding and cleaning the
> virus, its
> sending out all those useless emails that have had the virus stripped
out.
> Is there
> an easy way to have the filters just discard the mail if it is found to
be
> infected?
>
> I'm getting 500+ per day in my own mailbox.
>
I'm using this fragment in the filter() routine, just after the call to
virus scan...
/*
if (($VirusName =~ m/sobig/i) or ($VirusName =~ m/klez/i)) {
md_graphdefang_log("Dropping Mail- $VirusName found from $RelayAddr");
return action_discard();
}
*/
but I'm not confident with it's robustness :) (I'm still a perl weenie).
hth,
Russ
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list