> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > > X-Virus-Scanned: by amavisd-new at postgresql.org
> >
> > Since "amavisd" does not appear to be catching the latest worm, how
> > about filtering on size? Anything, say, over 20K will be held for
> > approval. Here are the top posts by size to this list recently:
>
> The problem is, where do we stop? Tom pop'd me off a note
> about it yesterday, and we drop'd it from 40k to 30k ... :(
A quick stop-gap is to block all ZIPs. We don't usually see a lot of ZIP
attachments on these lists, IIRC.
If I'm not mistaken, you run postfix on the server for the lists. The
something along:
/etc/postfix/main.cf:
mime_header_checks = pcre:/etc/postfix/mime_header_checks
/etc/postfix/mime_header_checks:
/name=[^>]*\.(zip|exe|com|vbs)/ REJECT Potentially dangerous file
attachment.
Remove initial spaces, of course. And add/remove any other extensions
you need.
//Magnus