[Esd-l] Re: Permit certain files *.vbs to notify
John D. Hardin
jhardin at impsec.org
Fri Mar 14 06:26:40 PST 2003
On Fri, 14 Mar 2003, Philip Choy wrote:
> 'cos they are working @ home, using their own ISPs, but use
> company name in email.
So their ISP is rewriting the envelope from headers, I suppose.
Regardless, the list of people doing this is limited in size, so you
can whitelist .VBS attachments coming from those addresses.
Try something like:
:0
* ^Return-Path: <((devel1|devel2)@magix\.com\.sg|...etc...)>
{
MANGLE_EXTENSIONS="std|ext|lst|omitting|vbs"
}
Does that make sense?
This version may be easier to maintain:
:0
* 9876543210^1 ^Return-Path: <devel1 at magix\.com\.sg>
* 9876543210^1 ^Return-Path: <devel2 at magix\.com\.sg>
* 9876543210^1 ^Return-Path: <devel3 at magix\.com\.sg>
{
MANGLE_EXTENSIONS="std|ext|lst|omitting|vbs"
}
If you want to be a little more paranoid you can require a keyword in
the subject header as well:
:0
* ^Subject:.*vbs_attachment
* 9876543210^1 ^Return-Path: <devel1 at magix\.com\.sg>
* 9876543210^1 ^Return-Path: <devel2 at magix\.com\.sg>
* 9876543210^1 ^Return-Path: <devel3 at magix\.com\.sg>
{
MANGLE_EXTENSIONS="std|ext|lst|omitting|vbs"
}
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...voice or no voice, the people can always be brought to the bidding
of the leaders. That is easy. All you have to do is tell them they
are being attacked and denounce the pacifists for lack of patriotism
and exposing the country to danger. It works the same way in any
country.
-- Hermann Goering
-----------------------------------------------------------------------
69 days until The Matrix Reloaded
More information about the esd-l
mailing list