[Mimedefang] Sober
Kayne Kruse
Kayne at moranprinting.com
Wed May 4 16:00:11 EDT 2005
> The massive Sober virus attack is detected by $SuspiciousCharsInBody.
> Skip the antivirus process if you're willing to reject on that.
>
> We saw 250,000 Monday, 490,000 yesterday. Use of our time server also
> skyrocketed when this started.
>
> Joseph Brennan
I just added below the $SuspiciousCharsInHeaders in filter_begin, for the
quick an dirty:
if ($SuspiciousCharsInBody) {
md_graphdefang_log('suspicious_chars_body');
action_quarantine_entire_message("Message Quarantined because of
suspicious characters in body");
return action_discard();
}
This should do the trick.
Hopefully most mail programs out there are sane and do not trigger these, but
at least u can unquarantine.
Kayne
More information about the MIMEDefang
mailing list