Any way to block emails with a certain named attachment?

D

desynced

Verified User
Joined
Dec 29, 2008
Messages
46
http://w.virscan.org/report/fc41cbe831a608d52708192e972c2994.html

Seems all the email attachments with the new malware/virus has the file name NudeFot.zip. According to VirusScan.org, only a few virus scanners are catching it currently (of course Clam will be one of the last) and was wondering if there was a way to get Exim to reject any emails with the attachment NudeFot.zip.

Looks like the servers are getting hit with alot of incoming emails with this file name attached.
 
I would suggest you check out http://www.mxguarddog.com, they filter email before it reaches your server. Spam and viruses are removed (you can do custom file attachment rules yourself as well).

Takes the load off your server by having the crap removed before it even touches your server.
 
It looks like an interesting service but it's domain-based, and not server based. You couldn't sign up your customers for this, for example, without putting a link to them somewhere on a page somewhere; it's not clear if that page needs to be in the domain being protected.

Also I don't see if you can use it to answer the original poster's requirement, to delete emails with a certain named attachment.

They say the amount of addresses you can protect depends on traffic to the site where you link to them, but they don't seem to publish any numbers. How do we know if a site has enough traffic to handle a given amount of email addresses?

Where are you required to link to in order to use their service?

Jeff
 
Yep, the service is domain based. I have good results with the service, I have tested the file blocking (just tested it, don't really need it) and the messages were placed into quarantine not deleted.

You can place the links on any public website, so for example I can generate hundreds of credits by placing a link on our homepage and then protect about 20 domains worth of our customers with just the link from our homepage.

So my 20 clients don't put a link anywhere, as long as they are under my account and I generate enough credits they are all covered and don't need to do anything.

Not a solution for everyone, but works nice for me.
 
But I can't find how to tell how many credits I get. That's the biggest issue I have with it. I can't consider it if I don't know what it's going to take to get it working for how many email addresses.

I'm glad it works for you, but I don't think it's a solution for most hosting companies.

Please answer my questions if you can.

Thanks.

Jeff
 
I'm no Exim expert, but could this be done in a similar way to the blocklist/whitelists files work, like, list extensions in a file?

(by the way your readme for SB4.1 returns a 404?)
 
Peter Laws said:
I'm no Exim expert, but could this be done in a similar way to the blocklist/whitelists files work, like, list extensions in a file?
Click to expand...
It can probably be done with exim.pl, or perhaps using the SPAM filter.
(by the way your readme for SB4.1 returns a 404?)
Click to expand...
What URL were you using? Where was the URL posted. Note I haven't officially announced 4.1, and there's only one unimportant change. My purpose is to switch back to a number system rather than a date system.

Jeff
 
Fixed, thanks. I had forgotten I renamed the file as well as the directory.

Jeff
 
You must log in or register to reply here.
Back
Top