[Esd-l]
Simon Matthews
simon at paxonet.com
Tue Feb 24 08:44:47 PST 2004
On Tue, 24 Feb 2004, John D. Hardin wrote:
> Marcela Doniov sez:
> >
> > procmail: Score: 0 0 "^TV[nopqr]....[AB]..A.A....*AAAA...*AAAA"
>
> Either (1) the document isn't really a document, or (2) there is
> another attachment to the message that is being trapped by the Windows
> Executable Magic test.
>
> It is very possible that the Windows Magic test is generating a false
> positive. The single test that is matching looks pretty short to me...
John,
On my externally-facing MTA (postfix), incoming email is scanned for the
following pattern and rejected with a 550 code if it matches.
/^TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAA/
Now I don't know if there have been any false positives, but I don't think
so. No-one has complained and the check only causes rejected emails when
there are viruses active.
I think there have been zero false negatives, but once again, I'm not 100%
sure about this.
Simon
More information about the esd-l
mailing list