Re: [Erlug] Finte mail Microsoft && postfix

To: erlug@xxxxxxxxxxxxxx
Subject: Re: [Erlug] Finte mail Microsoft && postfix
From: Maurizio Lemmo - Tannoiser <tann@xxxxxxxxx>
Date: Sat, 20 Sep 2003 11:47:21 +0200
* venerdì 19 settembre 2003, alle 23:08, Guido Bolognesi [ Zen ] scrive:
>       La soluzione personale e` da tempo quella di filtrare gli
>       attachment "nocivi" (.exe, .com, .scr...) direttamente a livello
>       di smtp, cosi` non devo neanche controllare che sia spam. In
>       piu` educa gli utenti, eheh.
>       in
>       header_checks = regexp:/etc/postfix/header_checks
>       il file header_checks contiene righe tipo
>       /Content.*\.vbs/        REJECT vbs not allowed.

Yep. Il vero problema di questa soluzione e`:

- non va bene per chi prende la posta con fetchmail (oddio, va bene, nel
  senso che non la riceve, eppero`...)

- ho amplifichi molto bene le regex, ho sei destinato a farne scappare
  tanti, tra: vari tipi di cazzi da filtrare, multipart malformati (non
  su una riga... c'e` un *splendido* <g> client di posta che lo fa..) e
  roba cosi`.

Ragion per cui, piu` che usare header_checks, consiglio e uso

Description: The Anomy Mail Sanitizer - an email virus scanner
 The Anomy sanitizer is what most people would call "an email virus
 That description is not totally accurate, but it does cover one of the
 important jobs that the sanitizer can do for you - it can scan email
 attachments for viruses. Other things it can do:
 Disable potentially dangerous HTML code, such as javascript, within
 incoming email.
 Protect you from email-based break-in attempts which exploit bugs in
 common email programs (Outlook, Eudora, Pine, ...).
 Block or "mangle" attachments based on their file names. This way if
 don't *need* to receive e.g. visual basic scripts, then you don't have
 worry about the security risk they imply (the ILOVEYOU virus was a
 visual basic program). This lets you protect yourself and your users
 from whole classes of attacks, without relying on complex, resource
 intensive and outdated virus scanning solutions.

