[Mimedefang] Re: sobig virus slipping by mcafee.

Cormack, Ken kcormack at acs.roadway.com
Thu Sep 4 15:17:01 EDT 2003 

If this is of any help, we completely stopped Sobig.F several days ago, with
the following change to /etc/mail/mimedefang-filter, contributed earlier to
the list.  Add the following (between the #***) to the top of sub filter.

sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;

    return if message_rejected(); # Avoid unnecessary work

#***********************************************************************
    my @sobig_subjects=("details","approved","thank you","that
movie","wicked screensaver","your application");
    my $sobig=0;

    if (open(IN,"<./HEADERS")) {
          $head = MIME::Head->read(\*IN);
          $sobig_subj = $head->get('subject');
          $sobig_scan = $head->get('X-MailScanner');
          $sobig_mailer = $head->get('X-Mailer');
          close(IN);

      # check if sobig.F subject line present
      foreach $sobig_temp (@sobig_subjects) {
        if ($sobig_subj =~ /$sobig_temp/i) {
           $sobig=1;
           last;
        }
      }

      # does mail have subject line, mailscanner and mailer from virus?
      if ($sobig && $sobig_scan =~ /clean/ && $sobig_mailer =~
/6\.00\.2600/) {
        md_graphdefang_log('sobig.F',$RelayAddr);
        return action_discard();
      }
    }  # main if
#***********************************************************************

-----Original Message-----
From: Douglas J Hunley [mailto:doug at hunley.homeip.net]
Sent: Thursday, September 04, 2003 2:19 PM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] Re: sobig virus slipping by mcafee.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter P. Benac shocked and awed us all by speaking:
> No it shouldn't...  My uvscan doesn't recognize this command and SoBig is
> NOT slipping by my uvscan.

for what it's worth, I was getting some slipping through MD, and I'm not 
running mcafee...
- -- 
Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
http://doug.hunley.homeip.net && http://www.linux-sxs.org

Meeting, n.: An assembly of people coming together to decide what person or 
department not represented in the room must solve a problem.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/V4IF2MO5UukaubkRAsb0AJ9aJxdV3x3cVXL3a9KnDPWLG7NR7gCbBZzn
xMxOHxTglPHWAAvuZfcvhwg=
=oyGj
-----END PGP SIGNATURE-----


_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list