[Mimedefang] Re: SoBig makes me rethink policy...
Andrzej Marecki
amr at astro.uni.torun.pl
Fri Sep 5 03:42:01 EDT 2003
David Skoll started this thread:
>
> Because of the enormous volume of mail from SoBig, I've reluctantly
> changed my policy on viruses from action_bounce to action_discard. All
> the stupid virus-notification messages were irritating me, and I realize
> that spurious bounce messages are just as irritating.
>
> So I now recommend action_discard for viruses. What a sad day for Internet
> e-mail when you have to violate (the spirit, at least) of RFC's to make
> life manageable. Thanks, Micro$oft.
Only now???!
A long time before Sobig-F appeared I had put the following code into my
mimedefang-filter:
if ($category eq "virus") {
md_log('virus',$VirusName, $RelayAddr);
# discard without notification Viruses which fake SMTP info
return action_discard() if $VirusName =~ /(?i)klez|bugbear|nimda|hybris|yaha|braid|sobig/;
# Bounce the mail!
action_bounce("Virus $VirusName found in mail - rejected");
return;
}
A. Marecki
-----------------------------------------------------------------------------
Andrzej Marecki |
Torun Centre for Astronomy | e-mail: amr at astro.uni.torun.pl
N. Copernicus University | WWW: http://www.astro.uni.torun.pl
ul. Gagarina 11 | tel: +48 56 6113032
PL-87-100 Torun, POLAND | fax: +48 56 6113009
-----------------------------------------------------------------------------
More information about the MIMEDefang
mailing list