###################################
# Body Check Virus Protection
# julio@psi.com.br
###################################
# contributions are welcome!!
###################################
# $DATE: Seg Out 18 01:27:25 BRT 2004
###################################
#
# INSTRUCTIONS
#
####################################
#
# Edit your /etc/postfix/main.cf
#
#----------------------------------------------------
#
# body_checks = pcre:/etc/postfix/body_checks
#               pcre:/etc/postfix/virus_body_checks
#
# mime_header_checks = pcre:/etc/postfix/mime_header_checks
#----------------------------------------------------
# Edit your /etc/postfix/mime_header_checks to block
# malicious M$ extensions that should not be allowed, like .com .bat .pif .scr etc.
# Add more extensions you feel you should block;
#----------------------------------------------------
#/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|reg
# |bat|chm|cmd|dll|vxd|com|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]
# |wmf|xl))"?\s*$/
# REJECT Attachment not allowed. File "$2" has the extension "$3"
# ----------------------------------------------------
# NOTE(review): the example above is wrapped over several lines. When it is
# uncommented, the continuation lines must start with whitespace, and that
# whitespace presumably becomes part of the pattern unless the pcre "x" flag
# is appended after the closing "/" - confirm before relying on it.
# ----------------------------------------------------
#
# Blocking the .zip and .exe extensions outright is not a good idea, so
# viruses that arrive with those extensions are blocked here instead.
#
# Save the changes, and reload postfix:
# $ postfix reload
#
#
# Then you can download new versions of virus_body_checks
# without changing your custom "body_checks".
#
# Please send me feedback about stopping viruses on your system.
##################################################
# Use at your own risk! No guarantee is given!!
# Always use a good virus scanner in your system!!
##################################################
#
#
#-----------------------------
#  _   Julio Cesar Covolato
# 0v0
# /(_)\ F: 55-11-3129-3366
# ^ ^  PSI INTERNET
#-----------------------------
###################################

# ---------------------------------------------------------------------
# Reader notes on the rules below
# ---------------------------------------------------------------------
# * Format: one rule per logical line, "/pattern/ action". Postfix applies
#   body_checks to one line of body text at a time, and the first pattern
#   that matches a line decides the action.
# * Almost every pattern is a fragment of a base64-encoded attachment
#   (UEsDB... is the start of a ZIP local-file header, TVqQ... the start
#   of an MZ executable header, R0lGODlh is "GIF89a"). A pattern anchored
#   with ^ only matches when the sample's base64 line wrapping is
#   reproduced, so a re-encoded or re-wrapped copy is not caught.
# * DISCARD makes Postfix report successful delivery and drop the message;
#   the text after DISCARD is what appears in the mail log. Neither the
#   sender nor the recipient is told, so a false positive is only visible
#   in the log. A rule can be trialled with the WARN action (log only)
#   before it is switched to DISCARD, and a sample line can be tested with
#   "postmap -q".
# * Only the part of each body segment covered by body_checks_size_limit
#   is inspected.
# ---------------------------------------------------------------------

# Whole-line matches (^...$) on a single base64 line of the sample.
/^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/ DISCARD VIRUS (sobig.f)
/^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6sYBWPXV$/ DISCARD VIRUS (W32/Swen@MM)

# First alternative: a full line containing the base64 form of the DOS-stub
# text "This program cannot be run in ". Second alternative: a line that
# starts with a stored (uncompressed, unencrypted) ZIP header and ends with
# the base64 start of an MZ header.
# NOTE(review): the DOS-stub text is present in ordinary Windows programs
# too, so the first alternative may match files other than Bagle - confirm
# against legitimate samples.
/^(AAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g|UEsDBAoAAAAAA.*TVqQAAMAAAAEAAAA)$/ DISCARD VIRUS (W32/Bagle@MM)

/^opAABQAIAD8KQcwvv80XRg4nABQA3ikmKkEA5pvWtM8BE0AAhT7FzAbbdwvLplkucwyA5XINwMum$/ DISCARD VIRUS (W32/Sober.c@MM)

# The alternation is not grouped: "^" applies only to the first
# alternative; the second one matches at the end of any line, whatever
# precedes it. The first alternative is again DOS-stub text
# ("This program cannot be run in DOS mo"), see the Bagle note above.
/^AAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v$|AAAMAAAAbWVzc2FnZS5odG1sTUlNRS1WZXJzaW9uOiAx$/ DISCARD VIRUS (W32/Mimail.j@MM)

# The first group is unanchored and made of raw 8-bit characters rather
# than base64 text.
# NOTE(review): those characters only match if this file keeps the byte
# encoding the author used; re-saving it in another encoding (e.g. UTF-8)
# presumably changes the bytes and silently disables that group - verify.
# The second group is anchored: a stored ZIP header followed by one of
# several fragments, or any line containing ApIAUCZKAEAD/bJ.
# "(ICAg){5,}" is five or more repeats of base64-encoded spaces.
# NOTE(review): the "K4" alternative is only two characters after the ZIP
# header and looks broad - confirm it does not hit legitimate archives.
/(ê%Ú7k«É|7\^0Ò\'wÌ|5Øc\!õB)|^(UEsDBAoAAAAAA(......KJx\+eAFgAAABYAA|...QjBPBsbVAlg|.{23}AAAAZG9j|HYBpx7YcAAO2HAAAJ|...Nz|K4|.*(ICAg){5,})|.*ApIAUCZKAEAD\/bJ)/ DISCARD VIRUS (W32/Mydoom@MM)

# Anchored stored-ZIP header plus one of four fragments, or the long
# fragment after the top-level "|" anywhere in a line.
/(^UEsDBAoAAAAAA......(dbrAiAFYAAABW|udsW6AF4AAABe|R0AohIDIA|iZMYWCWMAAAlj))|O6uu9tYhZsBadcI7BKNhfQFmW4zt1ANne5kCAn/ DISCARD VIRUS (W32/Netsky@MM)

# Policy rule, not a signature: UEsDBAoAAQ decodes to a ZIP local-file
# header whose flag byte is 0x01 (the "encrypted" bit) with version-needed
# 1.0. Any password-protected archive of that form is dropped silently,
# including legitimate ones; the log text carries no virus name.
/^UEsDBAoAAQ/ DISCARD (ENCRYPTED ZIP FILE)

/^UEsDBAoAAAAAA.....FUnOUjAHoAAAB6AAA/ DISCARD VIRUS (W32/Netsky.ag@MM)

# Line starting with the base64 of "GIF89a" followed by one of three
# fragments.
# NOTE(review): there is a space after the first and second "|" (most
# likely left over from line continuation in the original file). Without
# the pcre "x" flag that space is a literal character, so the second and
# third alternatives presumably never match base64 text - confirm, then
# either remove the whitespace or add the flag.
/^R0lGODlh.*(MDcwKbK8AAAQOAgQAAggEBAgEBggGBggOBggICAgOCAgICAwKCg| MDAwMDcwCAgQEBAQGBgQODAQGBggICAgODggP\/78KCgpAAA\/\/\/\/\/wAAAAAA| AAAAMwAAZgAAmQAA\/wAzMwAzZgAzmTMAMzMAZjMAmTMzZjMzmTNmZjNmmWYz)/ DISCARD VIRUS (Phish-BankFraud.eml)

# Stored ZIP whose first entry name encodes to "details.txt" padded with
# spaces.
/^UEsDBAoAAAAAA.....GjiB3egHMAAIBzAABUAAAAZGV0YWlscy50eHQgICAgICAgICAgICAg/ DISCARD VIRUS (W32/Netsky.p@MM)

# NOTE(review): this pattern is the base64 of the first bytes of an MZ/DOS
# executable header with the field values most Windows linkers emit, so it
# likely discards many unrelated executables sent as base64 attachments,
# not only Netsky.p. That differs from the header's advice not to block
# .exe outright - confirm this is the intended policy.
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ DISCARD VIRUS (W32/Netsky.p@MM)

/^UEsDBAoAAAAAA....jGNS0\/3AFYAAABWAAC/ DISCARD VIRUS (W32/Netsky.z@MM)
/^UEsDBAoAAAAAAOwEbTFbiToH6N0AAOjdAABPAAAAbWVzc2FnZV90ZXh0LnR4dCAgICAgICAgICAg/ DISCARD VIRUS (W32/Sober.j@MM)
/^UEsDBBQAAgAAAHaffjEUNysN4S0AAOEtAAA.AAAA/ DISCARD VIRUS (W32/Zafi.d@MM)

# Unanchored: matches the fragment anywhere in a body line.
/KLlNe8bVIBAG1SAQ(A|B)/ DISCARD VIRUS (W32/Mydoom.bn@MM)