From chris@nbrewer.com  Tue Dec  4 15:29:33 2001
Return-Path: <chris@nbrewer.com>
Received: from kraeusen.nbrewer.com (kraeusen.nbrewer.com [208.42.68.65])
	by hub.freebsd.org (Postfix) with ESMTP id B3DC937B405
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  4 Dec 2001 15:29:32 -0800 (PST)
Received: by kraeusen.nbrewer.com (Postfix, from userid 1001)
	id 91835B751; Tue,  4 Dec 2001 17:32:49 -0600 (CST)
Message-Id: <20011204233249.91835B751@kraeusen.nbrewer.com>
Date: Tue,  4 Dec 2001 17:32:49 -0600 (CST)
From: Christopher Farley <chris@nbrewer.com>
Reply-To: Christopher Farley <chris@nbrewer.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: freebsd-questions should filter out known viruses
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         32525
>Category:       misc
>Synopsis:       freebsd-questions should filter out known viruses
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 04 15:30:00 PST 2001
>Closed-Date:    Tue Dec 4 23:18:58 PST 2001
>Last-Modified:  Tue Dec 04 23:20:54 PST 2001
>Originator:     Christopher Farley
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
Northern Brewer, Ltd.
>Environment:
Not applicable

	
>Description:
   Lately, freebsd-questions has been receiving (and resending) a large
   number of email viruses, from the Sircam worm to the latest Goner
   virus.

>How-To-Repeat:
   Subscribe to freebsd-questions and count the email viruses!

>Fix:
   Implement Postfix body_checks on the mail server hosting 
   freebsd-questions to filter out attachments containing problematic
   extensions. My server's rules are pretty aggressive, but in 
   several weeks of filtering all my mail (including freebsd-questions),
   I have not rejected a valid email. A more conservative ruleset could
   be adopted, but here's what I use:

   # Filter out Sircam
   /^Hi! How are you=3F$/          REJECT
   /^Hola como estas =3F$/         REJECT

   # Reject attachments containing problematic extensions
   /(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
   /(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT

   # Reject known viruses
   /(filename|name)="(Happy99|Navidad|prettypark)\.exe"/ REJECT

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Tue Dec 4 23:18:58 PST 2001 
State-Changed-Why:  
Please take this up with the Postmaster <postmaster@FreeBSD.org>. 

The FreeBSD PR database is for problem reports relating to the 
FreeBSD operating system and ports tree. 

If someone told you to file a PR for this, please let us know who 
it was. :-) 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32525 
>Unformatted:
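
A ruleset like the one in the Fix section can be checked against sample messages before it is deployed. The following is an added example, not part of the original report: Python's re module stands in for the Postfix regexp table (an assumption; the patterns are simple enough to behave the same way), and every message and file name is constructed.

```python
import re

# The page's body_checks patterns, copied verbatim from the Fix section.
# Postfix regexp tables match case-insensitively by default: re.IGNORECASE.
RULES = [
    r'^Hi! How are you=3F$',
    r'^Hola como estas =3F$',
    r'(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"',
    r'(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"',
    r'(filename|name)="(Happy99|Navidad|prettypark)\.exe"',
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in RULES]

def check_body(text):
    """Test each line on its own, rules in table order, as body_checks does.
    Returns (line_number, rule_index) of the first hit, or None if accepted."""
    for n, line in enumerate(text.splitlines(), 1):
        for i, rx in enumerate(COMPILED):
            if rx.search(line):
                return (n, i)
    return None

def mime_part(param):
    # Constructed sample: minimal MIME part headers and a dummy payload line.
    return ("--boundary\n"
            "Content-Type: application/octet-stream;\n"
            "\t" + param + "\n"
            "Content-Transfer-Encoding: base64\n"
            "\n"
            "AAAA\n")

# Constructed test messages (hypothetical file names).
SAMPLES = {
    "double_extension": mime_part('name="report.doc.pif"'),
    "upper_case":       mime_part('filename="LETTER.TXT.VBS"'),
    "sircam_text":      "Hi! How are you=3F\nI send you this file\n",
    "benign":           mime_part('filename="notes.txt"'),
    # Coverage gap: the patterns require a double-quoted value.
    "unquoted":         mime_part('filename=setup.scr'),
    # False positive: ordinary list text that quotes such a parameter.
    "discussion":       'My config has name="menu.js" in it, is that ok?\n',
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        hit = check_body(msg)
        print(f"{label:17} {'REJECT line %d rule %d' % hit if hit else 'accept'}")
```

The "unquoted" and "discussion" samples are the two cases worth reviewing before adopting the rules on a technical list: the first is accepted because the patterns only match quoted parameter values, and the second is rejected even though it carries no attachment.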
