[Dshield] Netsky.B postfix filter

Ruigrok, Jeroen jeroen_ruigrok at epson-europe.com
Thu Feb 19 09:34:42 GMT 2004


For those of you using postfix:

/.*name="?(document|msg|doc|talk|message|creditcard|details|attachment|me|stuff|posting|textfile|concert|information|note|bill|swimmingpool|product|topseller|ps|shower|aboutyou|nomoney|found|story|mails|website|friend|jokes|location|final|release|dinner|ranking|object|mail2|part2|disco|party|misc)\.(doc|htm|rtf|txt)?\.(com|exe|pif|scr)"?/ DISCARD infected with W32.NetSky.B

in header checks...

Any corrections/improvements are _more_ than welcome. :)

Reason for discard is that it may spoof the from, no need to contribute
back to the mess.

-- 
Jeroen Ruigrok van der Werven <jeroen_ruigrok at epson-europe.com>
Tel: +31-(0)30-6928727 
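
A way to check what the pattern above catches before loading it into header checks, as an added example that is not part of the original post. It assumes Python's re module with IGNORECASE as a stand-in for Postfix's regexp table (which matches case-insensitively by default); the sample headers and the helper names are constructed for illustration.

```python
import re

# Pattern from the post, rejoined onto one line and split here only for width.
NETSKY_B = re.compile(
    r'.*name="?(document|msg|doc|talk|message|creditcard|details|attachment|me|stuff|'
    r'posting|textfile|concert|information|note|bill|swimmingpool|product|topseller|ps'
    r'|shower|aboutyou|nomoney|found|story|mails|website|friend|jokes|location|final|'
    r'release|dinner|ranking|object|mail2|part2|disco|party|misc)'
    r'\.(doc|htm|rtf|txt)?\.(com|exe|pif|scr)"?',
    re.IGNORECASE,  # assumption: mirrors the regexp table's default case folding
)

def unfold(raw_header):
    """Join a folded header into one logical line (a simplification of how
    the MTA hands a multi-line header to the check)."""
    return re.sub(r'\r?\n[ \t]+', ' ', raw_header.strip())

def would_discard(raw_header):
    """True if the rule would fire on this header."""
    return NETSKY_B.search(unfold(raw_header)) is not None

# Constructed sample headers: (header text, expected result).
SAMPLES = [
    # Double extension on a folded Content-Type line: caught.
    ('Content-Type: application/octet-stream;\n\tname="document.txt.exe"', True),
    # Unanchored pattern: 'filename="' also contains 'name="'; case is ignored.
    ('Content-Disposition: attachment; filename="Party.doc.PIF"', True),
    # Unquoted value with an empty middle extension (two dots): caught.
    ('Content-Type: application/octet-stream; name=stuff..scr', True),
    # Single extension: the pattern requires two literal dots, so no match.
    ('Content-Type: application/octet-stream; name="document.exe"', False),
    # Listed base name but a harmless final extension: no match.
    ('Content-Type: application/pdf; name="release.txt.pdf"', False),
    # Base name not in the list: no match.
    ('Content-Type: application/octet-stream; name="invoice.txt.exe"', False),
]

def coverage_report():
    """Return (header, got, expected) for every sample."""
    return [(h, would_discard(h), want) for h, want in SAMPLES]

if __name__ == "__main__":
    for header, got, want in coverage_report():
        status = "ok" if got == want else "MISMATCH"
        print(f"{status:8} discard={got!s:5} {unfold(header)}")
```

On a live system, `postmap -q` against the regexp table with a sample header line gives the authoritative answer.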



