Filtering virus-related e-mails?
Michael Hudson
mwh at python.net
Thu Aug 28 07:36:10 EDT 2003
Francois Pinard <pinard at iro.umontreal.ca> writes:
> > Ten minutes after instituting the clever hack that saved mail.python.org,
> > about 250 hosts were being rejected at the firewall level.
>
> What is that clever hack? I'm mostly curious, but maybe interested too! :-)
Basically, any host that makes five or more attempts to send the Sobig
virus in 15 minutes is blocked by the Linux ipchain firewall. I'm not
sure how Sobig is detected; may just be the subject lines. Martijn
Pieters has a shell sitting on the machine doing this:

    tail --follow=name /var/log/exim/reject.log | grep SOBIG | ~martijn/ipchain_deny_sobig.py

The script filters out the IP of sobig infected machines and tells the
firewall about them.
Cheers,
mwh
--
The above comment may be extremely inflammatory. For your
protection, it has been rot13'd twice.
-- the signature of "JWhitlock" on slashdot
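
The five-attempts-in-15-minutes rule described in the message above, as an added example: this is not Martijn Pieters' script and not code from the original post. The log line shape, the allowlist and all names here are assumptions, and the sample lines are constructed; the function returns the addresses that would then be handed to the firewall.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: "YYYY-MM-DD HH:MM:SS H=(helo) [ip] ... SOBIG". Requiring a space
# before "[" skips an address literal inside the HELO parentheses (sender-controlled).
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .* \[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse(line):
    """Return (timestamp, ip) for a SOBIG reject line, else None."""
    m = LINE_RE.match(line)
    if not m or "SOBIG" not in line:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(2)))  # rejects 999.1.1.1 and similar
    except ValueError:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), ip

class Blocker:
    def __init__(self, threshold=5, window=timedelta(minutes=15), allow=()):
        self.threshold, self.window, self.allow = threshold, window, set(allow)
        self.hits = defaultdict(deque)   # ip -> timestamps still inside the window
        self.blocked = set()

    def feed(self, line):
        """Return an IP the first time it crosses the threshold, else None."""
        parsed = parse(line)
        if parsed is None or parsed[1] in self.blocked | self.allow:
            return None
        ts, ip = parsed
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > self.window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked.add(ip)
            return ip
        return None

def _line(hms, ip):   # constructed sample data, not real log output
    return f"2003-08-28 {hms} H=(example) [{ip}] rejected: SOBIG"

SAMPLE = [_line(f"07:0{i}:00", "192.0.2.10") for i in range(5)]          # 5 in 4 min
SAMPLE += [_line(f"07:{4 * i:02d}:30", "198.51.100.7") for i in range(5)]  # 5 in 16 min

def blocked_hosts(lines, **kw):
    b = Blocker(**kw)
    return [ip for ip in map(b.feed, lines) if ip]
```

The allowlist keeps your own relays and secondary MX hosts from being blocked when they forward infected mail.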