[linux-elitists] postfix winders executable reject

Gerald Oskoboiny gerald@impressive.net
Thu Sep 25 12:39:06 PDT 2003


* Eugen Leitl <eugen@leitl.org> [2003-09-25 20:58+0200]:
> there seems to be a common signature in first 64 Bytes of all
> Windows executables. Somebody have a Postfix recipe???

I used this to reject a few million copies of sobig.f, and misc
other stuff:

    body_checks = regexp:/etc/postfix/body_checks

and in /etc/postfix/body_checks:

    /^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$/
      REJECT Keep your executables!

taken from
http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_sobigf.shtml

which says "Note: This pattern seems to match all DOS
executables. It may not be what you want!"

-- 
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/
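
What the body_checks pattern above actually pins down, as an added example that is not part of the original post: it decodes the matched base64 line into DOS (MZ) header fields and applies the pattern one body line at a time to constructed samples. The function names and sample bytes are assumptions made for illustration.

```python
import base64
import re
import struct

# The line the body_checks pattern matches, unescaped: 76 base64 characters,
# i.e. the first 57 bytes of the attachment ("Q" is followed by 43 "A"s).
SIGNATURE_LINE = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQ" + "A" * 43
PATTERN = re.compile("^" + re.escape(SIGNATURE_LINE) + "$")

# The 14 leading 16-bit little-endian fields of the DOS (MZ) header.
FIELDS = ("e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
          "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs",
          "e_lfarlc", "e_ovno")


def decode_signature():
    """Return the header fields fixed by the pattern and the byte count covered."""
    raw = base64.b64decode(SIGNATURE_LINE)
    fields = dict(zip(FIELDS, struct.unpack("<14H", raw[:28])))
    return fields, len(raw)


def would_reject(attachment: bytes) -> bool:
    """Apply the pattern the way body_checks does: one body line at a time."""
    body = base64.encodebytes(attachment).decode("ascii")  # 76-column MIME wrap
    return any(PATTERN.match(line) for line in body.splitlines())


# Constructed samples, not real files: a 64-byte DOS header carrying the same
# field values plus filler, and a blob that starts with the PNG magic.
SAMPLE_EXE = (struct.pack("<14H", 0x5A4D, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8,
                          0, 0, 0, 0x40, 0)
              + bytes(32) + struct.pack("<I", 0x80)
              + b"constructed filler " * 4)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(64)

if __name__ == "__main__":
    fields, covered = decode_signature()
    print(f"pattern covers the first {covered} bytes of the attachment")
    for name, value in fields.items():
        print(f"  {name:<10} = 0x{value:04X}")
    print("constructed MZ header rejected:", would_reject(SAMPLE_EXE))
    print("constructed PNG blob rejected: ", would_reject(SAMPLE_PNG))
```

Every decoded byte is a DOS header field or zero padding, with nothing specific to Sobig.F, which is why the quoted note warns that the rule rejects any attachment carrying this header.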