[Spambayes] Why I added src=cid: etc
Matt Sergeant
msergeant@startechgroup.co.uk
Tue Nov 5 10:29:04 2002
Rob W.W. Hooft said the following on 05/11/02 07:14:
> Matt Sergeant wrote:
> [on viruses]
>
>>Yeah, I've got some neat results just from classifying file extensions.
>>The double extension ones are especially good ;-)
>>
>>Matt.
>
>
> 2-line virusscanner in /etc/postfix/body_checks:
>
> /^(Content-(Type|Disposition):.*|[[:space:]]*(file)?)name=("[^"]*|[^[:space:]]*)\.(exe|com|scr|pif|bat|lnk|dll|vbs|js)/
> REJECT
> /^Content-Type:[[:space:]]*audio\// REJECT
Never REJECT on file extension. Only ever ACCEPT! This is the same rule
as firewalling - never close off insecure ports, only open the ones you
know are secure and/or needed.
Matt.