here are some postfix patterns i found useful today

Paul Vixie paul at vix.com
Sat Jan 31 00:03:20 UTC 2004


what you do is, install postfix 2.0 or later, set header_checks to some
filename (in your main.cf), and in that file, you put the following:

/^Subject: Anti-Virus Notification/             REJECT av01
/^Subject: BANNED FILENAME/                     REJECT av02
/^Subject: File blocked - ScanMail for Lotus/   REJECT av03
/^Subject: InterScan NT Alert/                  REJECT av04
/^Subject: Message deleted/                     REJECT av05
/^Subject: NAV detected a virus)/               REJECT av06
/^Subject: Norton AntiVirus detected/           REJECT av07
/^Subject: RAV AntiVirus scan/                  REJECT av08
/^Subject: Symantec AntiVirus/                  REJECT av09
/^Subject: VIRUS (.*) IN MAIL FROM YOU/         REJECT av10
/^Subject: VIRUS IN YOUR MAIL/                  REJECT av11
/^Subject: Virus Detected by Network Assoc/     REJECT av12
/^Subject: Virus Notification:/                 REJECT av13
/^Subject: Virus found in a message you sent/   REJECT av14
/^Subject: Virus found in sent message/         REJECT av15

i guess this isn't something you can cut&paste into an IOS box, but it's
sure saving my ass here today, so i thought i'd share.  i'm getting MUCH
MORE E-MAIL TRAFFIC today from antivirus adware servers than from worms.

see also <http://www.attrition.org/security/rant/av-spammers.html>.




More information about the NANOG mailing list