Re: [tlug] OT ["Microsoft Corporation Security Center" <rdquest12@example.com>] Internet Security Update

["Jim O'Connell" <oconnell@example.com>]

I've been blocking this sort of thing at the server with a procmail script I got somewhere.
It's been working pretty well and blocks all sorts of types by extension, rather than trying to virus scan each attachment.
The number of non-viral attachments it's blocked has been trivial - if you need to send something that's otherwise prohibited, just zip it and re-send.
It doesn't handle attachments that are named using CSLID identifiers yet, but that hasn't been a problem so far.

I have it on my home web server if you're interested in taking a look:
http://mmdc.dyndns.org/modules.php?op=modload&name=News&file=article&sid=3&mode=thread&order=0

Hope this helps someone - it's made *my* life a lot easier.
(If only procmail were easier to understand...)
Cheers,
Jim


On Fri, 15 Mar 2002 12:03:41 +0900
YAMAGATA Hiroo <hiyori13@example.com> wrote:

> It IS actually making wider rounds. Wasn't there an announcement? Our
> company's IT department is all nuts about it because anti-virus
> utilities haven't come up with a pattern file yet, and so they are
> sending out numerous internal mails about do this/don't do that/there's
> nothing we can do at the moment and that sort of crap.
> 
> Of course there's something you could do, if it's a big deal, just block
> all mails with "patch.exe" file attached! My they are incompetent (but
> then as some of my colleagues said, "if they are competent, we'll let
> them do some real work that actually makes money!" Wrong attitude,
> although I know what he meant.)
> -- 
> NRI Social System Consulting #1
> YAMAGATA Hiroo <hiyori13@example.com>
> 
>