. This patch is for sendmail 8.12.* and will allow for regular expression checks of the body of all messages. It is based on the existing MAP_REGEX work. They will apply to sendmail up to at least 8.12.9.
You must not use a version of sendmail prior to 8.12.9 without security patches.
Warning! Use of this may result in users not being able to report spam to your abuse@ email address!
Add the following line:
Krv2 regex -aVirus-Detect2 ^TVqQAAMAAAAEAAA
To protect aginst the W32.Klez and Bug Bear (or bbugbear) virus as well as some based on it. It also will filter most mime encoded executables that many viruses use to exploit windows.
If your running 8.11 then check out the 8.11.1 version.
LOCAL_CONFIG # # Regular expression to reject: # Kbodyregex regex -aMATCH ^(spam|SPAM)
../../obj*/sendmail/sendmail -v -bs -C ./config.cf mail from: firstname.lastname@example.org rcpt to: root data spam message to test filter .
LOCAL_CONFIG # # Regular expression to reject: # # spam rejects Krs1 regex -aNoSpam (Millions of Email) Krs2 regex -a123.NoSpam (new auto today) Krs3 regex -aNoSpam (800-618-1495) # virus rejects Krv1 regex -aVirus-Detect1 (I send you this file in order to have your advice) Krv2 regex -aVirus-Detect2 ^TVqQAAMAAAAEAAA # collect all regex in one place Kbodyregex sequence rs1 rs2 rs3 rv1 rv2We can only add 12 regex patterns to a sequence map but we can add 12 sequence maps to each sequence map like this:
Krs1 regex -aNoSpam (Millions of Email) Krs2 regex -aNoSpam (new auto today) Krs3 regex -aNoSpam (800-618-1495) ... Kss1 sequence rs1 rs2 rs3 rv1 [...] Kss2 sequence [upto 12 more...] Kbodyregex sequence ss1 ss2
My complete list is here.In the past few days each rule has filted this many messages:
If sendmail won't filter on the patterns, make sure you built it properly with the -DREGEX_BODY. The easy way is to remove the obj.* build directory and rerun ./Build
Changes since last version:
Stuff I would like to add:
|Back to Tim's Homepage
|Back to current subject
|This page was last updated Wednesday, 16-Feb-2005 03:34:20 UTC
|thogard is a trademark of Tim Hogard