Displaying 1 result from an estimated 1 matches for "mailvirus".
2007 Apr 18
2
[Bridge] IPS HLBR 1.0 released (off-topic)
...ackers. Traffic filtering
(including the packets' contents) can be done with simple rules.
Version 1.0 can use regular expressions to filter the packets. Below
is an example of a rule with regular expressions:
<rule>
ip dst(email)
tcp dst(25)
tcp regex(filename="[^\n]+\.scr")
message=(mailvirus-1-re) .scr attach
action=virus
</rule>
In short, all TCP traffic destined to port 25 of the e-mail server
will be filtered. If the text:
filename="anything_different_of_line_breaks.scr"
is found inside the packet, that means there is a .scr attachment in
the e-mail (virus). So...