> The latest Bagle viruses include zip files which are password protected
> - The mail body includes the password so that uninformed users will use
> this to open the zip, and thus propagate the virus.
>> Anti-Virus products cannot open the zip due to the fact that it is
> password protected (this is the reason behind the password protection).
>> Might be worth telling your users to not open any zip files that require
> a password - Most likely this will be bagle.
>
The *simple* solution is to use SA to block the virus by filtering for the
body content. There seem to be about a half dozen variants on the body of
the email, but you can use a couple of regex to trap them and bump the score
up. The only problem is if you are whitelisting certain domains.. Not much
you can do about that one.. However, if you do not have some of the aliases
that it uses simply drop them at the MTA before the AV kicks in, it should
save you a lot of processing overheads.
M
--
Email scanned by Blacknight for viruses and dangerous content.
Visit http://www.blacknight.ie for more information
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
