[geeks] when will it end? (Clam AV)
Mike Meredith
mike at blackhairy.demon.co.uk
Sat Dec 20 03:25:01 CST 2003
On Fri, 21 Nov 2003 14:38:58 -0600, Bill Bradford wrote:
> > want to look at blocking Windows executables entirely ... there's an
> > exiscan-ACL method which (as it uses regexps) might translate to
> > Postfix.
>
> I'm not dropping Postfix, and yeah, I don't *need* to run a virus
> scanner.. but I guess amavisd/amavisd-new is the best there is right
> now for interfacing.
You missed my serious point ... use Postfix body checks to look for
/^TVqQAAM/ which should match every Windows executable in base64. I
haven't done much testing, but it doesn't seem to match anything else in
my mail archive although to be safer you could look for a blank line
immediately before it.
Don't know if that'll stop the malware you're getting ... I don't seem
to have a copy lurking around here.
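
Added example, not part of the original post: a Python sketch of the check described above. It shows which leading file bytes the seven base64 characters pin down, and compares the plain /^TVqQAAM/ match with the stricter "blank line immediately before" variant. The function names and the sample message are constructed for illustration.

```python
import base64
import re

PREFIX = "TVqQAAM"                      # pattern from the post: /^TVqQAAM/
LINE_RE = re.compile("^" + re.escape(PREFIX))

def pinned_bytes(prefix=PREFIX):
    """Bytes fully determined by the base64 prefix (trailing partial bits dropped)."""
    whole = len(prefix) * 6 // 8        # 7 chars -> 42 bits -> 5 whole bytes
    padded = prefix + "A" * (-len(prefix) % 4)
    return base64.b64decode(padded)[:whole]

def find_hits(raw_message, require_blank_before=True):
    """Return 1-based numbers of lines that start with PREFIX.

    With require_blank_before=True a line only counts when the previous line
    is empty, i.e. it is the first body line of a MIME part.
    """
    hits, prev = [], None
    for n, line in enumerate(raw_message.splitlines(), start=1):
        if LINE_RE.match(line) and (not require_blank_before or prev == ""):
            hits.append(n)
        prev = line
    return hits

# Constructed sample: first 20 bytes of a typical DOS/PE header, base64-encoded
# as an attachment, plus a text part that merely quotes the string.
MZ_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000b8000000")
SAMPLE = "\n".join([
    "From: sender@example.invalid",
    "Subject: constructed test message",
    "Content-Type: multipart/mixed; boundary=XX",
    "",
    "--XX",
    "Content-Type: text/plain",
    "",
    "The string to look for is",
    "TVqQAAM at the start of a line.",
    "--XX",
    "Content-Type: application/octet-stream",
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(MZ_HEADER).decode("ascii"),
    "--XX--",
])

if __name__ == "__main__":
    print("prefix pins bytes:", pinned_bytes().hex(" "))
    print("plain match      :", find_hits(SAMPLE, require_blank_before=False))
    print("blank line before:", find_hits(SAMPLE))
```

The prefix fixes the first five bytes of the decoded file (4d 5a 90 00 03), so it matches the "MZ" signature together with the next three header bytes, not "MZ" alone.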