Postfix and local users.
Jason Crowe
jcrowe at cmuonline.net
Thu Aug 28 18:14:17 CDT 2003
Here is what we are using to catch all the sobigs. Not saying it's
better, just different.
:0BD
* -1000^0
* 200^0 ^TVqQAAM
* 200^0 K/cBHSx
* 200^0 rZVJizb
* 200^0 DrVitFc
* 200^0 rolkJrX
* 200^0 zt8P9pT
#Sobig-b
* 200^0 gHB/e2v
* 200^0 j1qLR/m
* 200^0 dAgyJY8
* 200^0 0SOIV7x
* 200^0 Gw47Qgh
#Sobig-c (by Fredrik Rodland)
* 200^0 BSj0hvF
* 200^0 HN8EMuX
* 200^0 LvRtJdz
* 200^0 MdFFlfN
* 200^0 oikgcxQ
#Sobig-gen
* 200^0 /HrcLhs
* 200^0 qfZjXLv
* 200^0 msFydo9
* 200^0 iJGZx/6
* 200^0 Gg7aCZs
#Sobig-gen (UPX packed and scrambled)
* 200^0 v0ibwKA
* 200^0 CDH2kTw
* 200^0 YBdt6zE
* 200^0 nblNbDU
* 200^0 jWqE0Z6
#Sobig-f
* 200^0 IOsT73k
* 200^0 eGYh2Eo
* 200^0 cb07glg
* 200^0 G+Q1KAS
* 200^0 WaUYonD
{
:0:
/dev/null
}
Jonathan Hutchins wrote:
>Something to catch SoBig:
>
> * 9876543210^1 ^Content-(Type|Disposition):.*name *= *"?(your_details|details|application|document.*|movie.*|wicked_scr|your_document|thank_you).(pif|scr)"?
> * 9876543210^1 ^Content-(Type|Disposition):.*$.*name *= *"?(your_details|details|application|document.*|movie.*|wicked_scr|your_document|thank_you).(pif|scr)"?