[Mimedefang] German Hate Spam
Joseph Brennan
brennan at columbia.edu
Fri Jun 11 13:46:11 EDT 2004
--On Friday, June 11, 2004 9:41 AM -0700 Chris Masters <rotis23 at yahoo.com>
wrote:
> Hi All,
>
> We were hit by this today [in the UK]:
>
> http://www.theregister.co.uk/2004/06/11/german_hate_mail_virus/
>
> We're thinking that the best approach is to write a
> SpamAssassin rule.
>
> Any other ideas?
if ($MessageID =~ /<(.+)\.qmail\@/) {
if ($1 =~ /[a-z]/) {
md_graphdefang_log('virus','Sober',$RelayAddr);
action_bounce("Bad header");
return action_discard();
}
}
Adapt it to your usual logging and 550'ing standards.
Real qmail Message-IDs have only numbers and dots before the ".qmail@"
string. In fact the first eight chars are the date YYYYMMDD. Sober
puts letters in there.
Noticed because we got hit yesterday.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list