[Mimedefang] How do I remove infected attachments before bouncing mail (action_bounce)
Justin Shore
listuser at numbnuts.net
Sun Jun 8 13:31:04 EDT 2003
On Fri, 6 Jun 2003, David F. Skoll wrote:
> On Fri, 6 Jun 2003, Dirk Mueller wrote:
>
> > > I have
> > > MIMEDefang rules to recognize and bounce virus-notification messages
> > > from a number of popular anti-virus tools.
>
> > Ooohhhhhhh ... wanna have!
>
> Well, so far I just bounce messages whose subject starts with "Vexira
> ALERT". That seems to be the most troublesome one. But most virus
> notification messages have subjects or bodies with constant text that
> you can look for.
The mosy annoying one I get is a Procmail AV tool that vul.com uses. I
trash them with a vengence. They look like this:
Date: Sun, 25 May 2003 15:24:49 -0400 (EDT)
From: Procmail Security daemon <abuse at vul.com>
To: dude at MUNGED.net
Cc: postmaster at MUNGED.net, abuse at MUNGED.net
Subject: Re: To Main Archives
Regarding your message to
<DLilly at vul.com>
***** DANGEROUS ATTACHMENT / VIRUS NOTICE *****
<snip lots of useless information>
Of course my lovely ieee.org account lets the infected messae on through
and immediately follows it up with a warning message about the previous
message. All I ever get on my ieee.org account is infected email. I
don't know who's addressbook I'm in but it's damned annoying. IEEE used
to munge the previous Received lines as well. That made tracking down
infected people rather difficult (read: snowball's chance in Washington).
Justin
More information about the MIMEDefang
mailing list