Mailovy cerv IFUCKYOU a obrana proti nemu
Martin Macok
martin.macok na underground.cz
Pátek Květen 5 09:15:48 CEST 2000
On Fri, May 05, 2000 at 07:25:24AM +0100, Miroslav BENES wrote:
> Asi nema cenu pripominat, co se v elektronicke komunikaci deje.
> Otazkou ale zustava co s tim ? Jelikoz nemam na postovnim serveru
> zadny antivirak (a pripada mi zbytecne ho nasazovat), napadlo me
> chranit uzivatele tim, ze bych prichozi dopisy tridil.
>
> Obsahuje Subj: urcity text ? Pokud ano, zahod (nebo vrat zpet :).
> Neobsahuje ? Zpracuj normalne.
>
> Pouzivame Debian 2.1 + Exim 2.05-1. Casem se stejne budu muset
> pohrouzit do manualu (neinstaloval jsem to ja), ale rad bych udelal
> rychly zasah co nejdrive.
Bohuzel nemohu slouzit eximem, ale aspon:
SENDMAIL:
Sendmail.com has a rule to filter the worm based on the subject header
at http://www2.sendmail.com/loveletter. It works with Sendmail 8.9
and newer. You should probably add "Joke" to the subject lines it
scans for.
POSTFIX:
* Make sure your version of postfix supports the header_checks directive.
* Add the line "header_checks = regexp:/etc/postfix/header_checks"
to your main.cf file.
* Create a /etc/postfix/header_checks file with a line of:
/^Subject:.*ILOVEYOU/ REJECT
or better yet
/Content.*\.vbs/ REJECT
* Execute "postfix reload".
Zdroj: konference BUGTRAQ
--
< Martin Mačok martin.macok na underground.cz <iso-8859-2>
\\ http://kocour.ms.mff.cuni.cz/~macok/ http://underground.cz/ //
\\\ -= t.r.u.s.t n.0 o.n.e =- ///
Další informace o konferenci Sendmail