[67005] in North American Network Operators' Group
here are some postfix patterns i found useful today
daemon@ATHENA.MIT.EDU (Paul Vixie)
Fri Jan 30 19:03:53 2004
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
Date: Sat, 31 Jan 2004 00:03:20 +0000
Errors-To: owner-nanog-outgoing@merit.edu
what you do is, install postfix 2.0 or later, set header_checks to some
filename (in your main.cf), and in that file, you put the following:
/^Subject: Anti-Virus Notification/ REJECT av01
/^Subject: BANNED FILENAME/ REJECT av02
/^Subject: File blocked - ScanMail for Lotus/ REJECT av03
/^Subject: InterScan NT Alert/ REJECT av04
/^Subject: Message deleted/ REJECT av05
/^Subject: NAV detected a virus)/ REJECT av06
/^Subject: Norton AntiVirus detected/ REJECT av07
/^Subject: RAV AntiVirus scan/ REJECT av08
/^Subject: Symantec AntiVirus/ REJECT av09
/^Subject: VIRUS (.*) IN MAIL FROM YOU/ REJECT av10
/^Subject: VIRUS IN YOUR MAIL/ REJECT av11
/^Subject: Virus Detected by Network Assoc/ REJECT av12
/^Subject: Virus Notification:/ REJECT av13
/^Subject: Virus found in a message you sent/ REJECT av14
/^Subject: Virus found in sent message/ REJECT av15
i guess this isn't something you can cut&paste into an IOS box, but it's
sure saving my ass here today, so i thought i'd share. i'm getting MUCH
MORE E-MAIL TRAFFIC today from antivirus adware servers than from worms.
see also <http://www.attrition.org/security/rant/av-spammers.html>.
