[unisog] Sendmail Filter for Sircam

Jose Nazario jose at biocserver.BIOC.cwru.edu
Tue Jul 31 16:07:08 GMT 2001


On Tue, 31 Jul 2001, David Lundy wrote:

> I am getting a lot of Sircam infected email.  Our email gateway is
> sendmail, but we have no filtering in place.  Does anyone have a
> pointer to a milter for Sircam or information on filtering for this or
> other rogue email?

the generic procmail sanitizer will prevent infection by defanging the
double extensions (ie .doc.exe). you can easily tweak it to sync on the
message body and kill it on the basis of that.

http://www.impsec.org/email-tools/procmail-security.html

enjoy. almost no tweaking to the sendmail setup, maybe a change of Mprog
to procmail ...

hope this helps.

____________________________
jose nazario						     jose at cwru.edu
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



More information about the unisog mailing list