January 20, 2004

Don't run unexpected attachments

OK, folks, repeat after me: Don't run unexpected attachments.

If you get email, and it has an attachment, and either you're not actually expecting it, or the message body does not clearly explain what the attachment is, then delete it. It's just that simple.

If it was from someone you know, contact them personally and ask them what it was that they sent you.

The latest worm/virus is yet another testament that people simply *refuse* to learn this simple lesson. But this one makes it stand out even more.

I mean, come on folks. The subject line is "Hi" and the message body is "Testy test". Doesn't this suggest to *anyone* that this is not legitimate email? And, yet, there are reports of *millions* of infected machines.

Once again, the Postfix rules:

In header_checks (a regexp: table, so the pattern needs its /.../ delimiters):

/^Subject: Hi$/ DISCARD Beagle virus/worm

and in mime_header_checks.regexp:

/name=\"?(.*)\.(ade|adp|asx|bas|bat|chm|cmd|com|cmp|crt|do|exe|hlp|hta|inf|ins|isp|jse|lnk|mnb|mde|msc|msi|msp|mst|pcd|reg|rm|scr|pif|sct|shs|url|vbe|vbs|vxd|wsc|wsf|wsh|xl)\"?$/ REJECT For security reasons we reject attachments of this type

Both tables are wired in from main.cf (header_checks = regexp:/etc/postfix/header_checks and mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp; the paths are examples), and Postfix regexp tables match case-insensitively by default, so EXE and Exe are covered too. One caveat on the actions: DISCARD accepts the message and silently drops it, while REJECT refuses it during the SMTP transaction, and because worms forge the sender address the resulting bounce from the sending MTA lands on an innocent third party, which is one argument for DISCARD on a known worm signature.

This particular worm is a combination of mail server administrator incompetence (or negligence) and people's persistent refusal to use a smidgen of common sense when reading email. This is exactly the sort of worm that should have died before it ever infected the first person.

*Sheesh*
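Added example, not part of the original post: a Python script that applies the two rules above (the subject rule and the attachment-name rule, taken as written) to a few constructed messages, using the standard library's email parser in place of Postfix. It also shows one gap in the attachment rule as written: because the pattern is anchored to the end of the header line, a file name followed by another parameter (for example a Content-Disposition line with size= after the filename) slips past it. The hardened variant of the pattern that does not depend on the name being last on the line, and the sample messages, are mine, not the post's.

```python
"""Run the post's two Postfix rules over constructed messages.

Added example, not code from the post and not Postfix itself: Python's email
parser stands in for Postfix's header scanning, the regexes are the post's own
(attachment list with its duplicate entries removed), and the sample messages
are constructed, not captured worm mail.  The "hardened" rule is my variant,
not the post's.
"""
import re
from email import message_from_string

EXTENSIONS = (
    "ade|adp|asx|bas|bat|chm|cmd|com|cmp|crt|do|exe|hlp|hta|inf|ins|isp|jse|lnk|"
    "mnb|mde|msc|msi|msp|mst|pcd|reg|rm|scr|pif|sct|shs|url|vbe|vbs|vxd|wsc|wsf|wsh|xl"
)

# header_checks: DISCARD when the Subject is exactly "Hi".  Postfix regexp
# tables match case-insensitively by default, hence IGNORECASE.
SUBJECT_RULE = re.compile(r"^Subject: Hi$", re.IGNORECASE)

# mime_header_checks as posted.  The trailing $ means the file name (plus an
# optional closing quote) has to be the last thing on the header line.
ORIGINAL_NAME_RULE = re.compile(
    r'name="?(.*)\.(?P<ext>' + EXTENSIONS + r')"?$', re.IGNORECASE)

# Hardened variant (my assumption): end the name at a quote or ';' so another
# parameter after it, e.g. size=..., cannot push the name off the line end.
HARDENED_NAME_RULE = re.compile(
    r'name="?[^";]*\.(?P<ext>' + EXTENSIONS + r')"?(?:\s*;|\s*$)', re.IGNORECASE)

FOLD = re.compile(r"\r?\n[ \t]+")


def header_lines(part):
    """Yield 'Name: value' strings, unfolded, the form Postfix matches on."""
    for name, value in part.items():
        yield "%s: %s" % (name, FOLD.sub(" ", str(value)))


def scan(raw, name_rule=ORIGINAL_NAME_RULE):
    """Return (action, detail): DISCARD from the subject rule, REJECT plus the
    offending extension from the attachment rule, or OK."""
    msg = message_from_string(raw)
    for line in header_lines(msg):            # primary headers: header_checks
        if SUBJECT_RULE.search(line):
            return ("DISCARD", "Beagle virus/worm")
    for part in msg.walk():                   # every MIME part: mime_header_checks
        for line in header_lines(part):
            m = name_rule.search(line)
            if m:
                return ("REJECT", "." + m.group("ext").lower())
    return ("OK", "")


def sample(subject, part_headers):
    """Build a constructed two-part message with the given subject and the
    given header line(s) on the attachment part."""
    return (
        "From: sender@example.org\nTo: you@example.org\nSubject: %s\n"
        "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
        "--b1\nContent-Type: text/plain\n\nTesty test\n"
        "--b1\n%s\nContent-Transfer-Encoding: base64\n\nTVqQAAMAAAAEAAAA\n--b1--\n"
        % (subject, part_headers))


# Constructed samples (not captured mail).
WORM_LIKE = sample("Hi", 'Content-Type: application/octet-stream; name="test.exe"')
DOUBLE_EXTENSION = sample("photos from the weekend",
                          'Content-Type: application/octet-stream; name="photo.jpg.scr"')
PARAM_AFTER_NAME = sample("the report you asked for",
                          'Content-Type: application/octet-stream\n'
                          'Content-Disposition: attachment; filename="report.exe"; size=512')
BENIGN = sample("Hi there, notes attached",
                'Content-Type: text/plain; name="notes.txt"')

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("double extension", DOUBLE_EXTENSION),
                       ("parameter after name", PARAM_AFTER_NAME), ("benign", BENIGN)):
        print("%-22s posted rule: %-28s hardened: %s" % (
            label, scan(raw), scan(raw, HARDENED_NAME_RULE)))
```

The posted rule still catches the double-extension trick (photo.jpg.scr), because the last extension is what sits before the closing quote; what it cannot see is anything that is not a header line, which is where a body check on the encoded attachment itself, like the one in the comments below, comes in.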

Posted by rbowen at January 20, 2004 08:44 AM
Comments

Hi Rich,

While I do agree with most of what you have said, I do have an issue with the smidgen of common sense when reading e-mail comment. This indicates stupidity on the part of the users. I think most of the problem is with ignorance, not stupidity.
An example of this is what happened (to me) last night.

It was about 8:30 PM; my wife and I had just put the kids to bed and finished cleaning up after dinner, and I got a phone call from one of the parents on Sheila's soccer team.
He said that he was having computer problems and needed my help. OK, I said, what was the problem. He stated that it is running very slow, can't do anything :(
OK, I said, can you go to the task manager?
What is that?
press ctl-alt-del
OK, nothing happened
(me) did you press them together?
(him) Do I have to?
(me) yes !!
(him) OK, but now the computer is in hibernation mode.
(me) huh? (I realize that this is getting me nowhere) So I asked him, Do you have any virus software installed on the computer?
(him) What is that? what is a virus (I am not kidding)
(me) never mind, When did this start happening?
(him) when I was on the internet.
(me) were you checking your e-mail?
(him) yes
(me) did you open any attachments?
(him) what is an attachment?
(me) did you double click anything in the e-mail!!
(him) I think so but I don't know
(me) (thinking to myself ... oh great, I think it is time for plan B)

This went on for about 10 min. My point to all of this is, this person is new to computers (never had one before). He has absolutely zero knowledge as to the dangers of internet use. I don't consider him stupid, he just simply does not know!!

I think the industry (IT) as a whole needs to do a better job in the education department before people jump on the internet. So guess what I will be doing when I get home tonight :)

Sorry for the rant but I had to get that story off of my chest. And yes it really did happen :)

Ron Hill

Posted by: Ron Hill on January 20, 2004 10:46 AM

Hmm. Well, let me know what you find out. My parents' computer is running really slow today too. :-(

Posted by: DrBacchus on January 20, 2004 01:46 PM

The following as postfix body_checks does wonders:

/^([[:blank:]].*|content-.+)name="?.+\.(exe|vb[se]|dll|bat|cmd|lnk|pif|ht[arw]|id[aq]|hlp|ws[cfh]|sc[tr]|cpl|js[ce]?|reg|ms[cipt]|vxd|ocx)"?/ REJECT
/^I send you this file in order to have your advice/ REJECT
/^Te mando este archivo para que me des tu punto de vista/ REJECT
/^TVqQAAMAAAAEAAA/ REJECT For security reasons, windows executables are not allowed

Posted by: Mads Toftum on January 20, 2004 04:37 PM
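The last line of that body_checks table works because TVqQAAMAAAAEAAA is how the first bytes of a Windows executable's MZ header (4D 5A 90 00 03 00 00 00 04 00 00 00, the stub the usual Microsoft linker emits) come out in base64, and a MIME encoder starts the attachment at the beginning of a line, which is what the ^ anchor relies on. Added example, not Mads Toftum's code and not Postfix: a Python script that builds a constructed header to that layout, base64-encodes it into MIME-style lines, and applies the rule per line the way body_checks does. It then shows two ways the exact prefix stops matching: a stub whose e_cblp field differs (a looser pattern, my suggestion and not the comment's, still fires on any "MZ"), and the same executable wrapped in a zip archive, where the base64 line starts with the archive's own magic and neither pattern sees the executable at all.

```python
"""Check the base64 signature rule from the comment above against constructed
executables.

Added example, not Mads Toftum's code and not Postfix: it reproduces the
per-line matching of body_checks in Python.  "TVqQAAMAAAAEAAA" is the base64
of the first bytes of the MZ header that the common Microsoft linker stub puts
at the front of a Windows executable; the bytes below are built by hand to that
layout, and the "looser" pattern is my suggestion, not the comment's.
"""
import base64
import io
import re
import zipfile

# The comment's rule, applied to each body line as Postfix body_checks does.
EXACT_RULE = re.compile(r"^TVqQAAMAAAAEAAA")

# Looser variant: 'M' (0x4D) and 'Z' (0x5A) fix the first two base64 symbols
# to "TV" and the top two bits of the third, so "MZ" + any byte encodes as
# "TV" followed by one of o, p, q, r.  Catches stubs with a different e_cblp.
LOOSE_RULE = re.compile(r"^TV[o-r]")


def dos_stub(e_cblp=0x90):
    """First 16 bytes of an MZ header: the magic, then little-endian 16-bit
    e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc, e_maxalloc, e_ss.  The
    defaults give 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00, the stub
    the comment's rule was written against.  Constructed, not a real binary."""
    fields = (e_cblp, 3, 0, 4, 0, 0xFFFF, 0)
    return b"MZ" + b"".join(v.to_bytes(2, "little") for v in fields)


def zipped(payload, name="setup.exe"):
    """Wrap the payload in an in-memory zip (stored, so the layout is fixed);
    the archive's own PK magic is now what the first base64 line encodes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def encode(data):
    """Base64 as a MIME encoder emits it: standard alphabet, '=' padding."""
    return base64.b64encode(data).decode("ascii")


def encode_lines(data, width=76):
    """Split the base64 into MIME-style lines; each is one body_checks line."""
    text = encode(data)
    return [text[i:i + width] for i in range(0, len(text), width)]


def body_checks(lines, rule):
    """True when any line matches, i.e. the REJECT would fire."""
    return any(rule.search(line) for line in lines)


if __name__ == "__main__":
    for label, blob in (("typical stub", dos_stub()),
                        ("other linker stub", dos_stub(e_cblp=0x50)),
                        ("zipped stub", zipped(dos_stub()))):
        lines = encode_lines(blob)
        print("%-18s first line %-26s exact=%s loose=%s" % (
            label, lines[0][:24], body_checks(lines, EXACT_RULE),
            body_checks(lines, LOOSE_RULE)))
```

The zip case is the practical limit of any base64 signature: once the executable sits inside an archive (or is uuencoded instead of base64), the line Postfix sees no longer starts with the executable's bytes, and only a rule on the archive's magic, a content scanner that unpacks it, or the attachment-name rules from the post will stop it.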