Anton Alin-Adrian wrote:
> This is probably not news to many of you. But, since it may be useful,
> below is an example of filtering the "spam" messages coming from badly
> configured antivirus products, using postfix:
> http://std.dkuug.dk/keld/virus/header_checks
> Regards,
Based on that link, I managed to apply the filtering to Qmail as well, using
just plain qmail-scanner (which is probably installed on any Qmail server
that uses filters).
I have attached my file:
/usr/local/qmailscan/quarantine-attachments.txt
which does the job.
You need to run:
/usr/local/bin/qmail-scanner-queue.pl -g
to make the new settings active (it creates a .db file).
I hope someone finds it useful.
Regards,
--
Alin-Adrian Anton
Spintech Systems
GPG keyID 0x1E2FFF2E (2963 0C11 1AF1 96F6 0030 6EE9 D323 639D 1E2F FF2E)
gpg --keyserver pgp.mit.edu --recv-keys 1E2FFF2E
[ quarantine-attachments.txt 29K ]
#
# Based on http://std.dkuug.dk/keld/virus/header_checks
# by Anton Alin-Adrian (burebista [/at] spintech.ro)
#
#
# Sample of well-known viruses that perlscan_scanner can use
#
# This is case-insensitive, and TAB-delimited.
#
# ******
# REMEMBER: run /var/qmail/bin/qmail-scanner-queue.pl -g after
# this file is modified
# ******
#
# Format: three columns
#
# filename<TAB>size (in bytes)<TAB>Description of virus/whatever
#
# OR:
#
# string<TAB>Header<TAB>Description of virus/whatever
#
# [this one allows you to match on (e.g.) Subject line.
#
# NOTE 1: This is the crudest "virus scanning" you can do - we are
# arbitrarily deciding that particular filenames of certain sizes contain
# viruses - when they may not. However this can be useful for the times
# when a new virus is discovered and your scanner cannot detect it (yet).
#
# NOTE 2: This is only good for picking up stand-alone viruses like the
# following. Macro viruses are impossible to detect with this method as
# they infect users docs.
#
# NOTE 3: Wildcards are supported. This system can also be used to deny
# Email containing "bad" extensions (e.g. .exe, .mp3, etc). No other
# wildcard type is supported. Be very careful with this feature. With
# wildcards, the size field is ignored (i.e. any size matches).
#
# .exe 0 Executable attachment too large
#
# That would ban .EXE files from your site (but would
# still allow .zip files...
#
# .mp3 0 MP3 attachments disallowed
#
# ...would stop any Email containing MP3 attachments passing.
#
# NOTE 4: No you can't use this to ban any file (i.e. *.*) that's over
# a certain size - you should
# "echo 10000000 > /var/qmail/control/databytes"
# to set the maximum SMTP message size to 10Mb.
#
# NOTE 5: The second option allows you to match on header. This would allow
# you to block Email viruses when you don't know anything else other than
# there's a weird Subject line (or From line, or X-Spanska: header, ...).
# Note that it's a case-sensitive, REGEX string, and the system will
# automatically surround it with ^ and $ before matching. i.e. if you
# want wildcards, explicitly put them in...
#
# The string _must_be_ "Virus-" followed by the header you wish to match
# on - followed by a colon (:).
#
# e.g.
#
# Pickles.*Breakfast Virus-Subject: Fake Example Pickles virus
#
# will match "Subject: Pickles for Breakfast" - and
# not "Subject: Pickles - where did you go?"
#
#
# NOTE 6: Similar to the headers option, you can match on the mail ENVELOPE
# headers - i.e. "MAIL FROM:" and "RCPT TO:". These are identical to
# Virus-<header>, except that the header names are MAILFROM and RCPTTO only.
#
# e.g.
#
# bo...@address.here Virus-MAILFROM: Bad mail envelope not allowed here!
#
# NOTE 7: Another "faked" header - "Virus-TCPREMOTEIP" can be used to match
# actions against the IP address of the SMTP client.
#
EICAR.COM 69 EICAR Test Virus
Happy99.exe 10000 Happy99 Trojan
zipped_files.exe 120495 W32/ExploreZip.worm.pak virus
ILOVEME Virus-Subject: Love Letter Virus/Trojan
# added by burebista to kill bogus antivirus spam messages
.*virus alert.* Virus-Subject: bogus antivirus
.*Virus infection notice.* Virus-Subject: bogus antivirus
.*Incidencia de virus.* Virus-Subject: bogus antivirus
.*Virus - Sujet :.* Virus-Subject: bogus antivirus
.*Virus funnet i sendt melding ".* Virus-Subject: bogus antivirus
.*A virus was detected.* Virus-Subject: bogus antivirus
.*virus found in received message.* Virus-Subject: bogus antivirus
.*Virus in mail from you.* Virus-Subject: bogus antivirus
.*Alerta: Suspeita de virus no E-mail.* Virus-Subject: bogus antivirus
.*Virus found.* Virus-Subject: bogus antivirus
.*Virus gefunden.* Virus-Subject: bogus antivirus
.*Notice: Your mail has been blocked due to a violation.* Virus-Subject: bogus antivirus
.*Symantec AV.*detected a virus in a document you authored.* Virus-Subject: bogus antivirus
.*Symantec AntiVirus.*Filtering for Domino detected a virus in a document you.* Virus-Subject: bogus antivirus
.*Skynet Mail Protection scan results.* Virus-Subject: bogus antivirus
.*Aviso: Detectado v.*rus de e-mail.* Virus-Subject: bogus antivirus
.*NOTIFICATION: Virus stopped.* Virus-Subject: bogus antivirus
.*Virusfertozesi ertesites.* Virus-Subject: bogus antivirus
.*WARNING: YOU MAY HAVE A VIRUS.* Virus-Subject: bogus antivirus
.*Virus found in message.* Virus-Subject: bogus antivirus
.*Unsolicited commercial email rejected.* Virus-Subject: bogus antivirus
.*Invalid content in mail message (message rejected).* Virus-Subject: bogus antivirus
.*virus trovato in un messaggio inviato.* Virus-Subject: bogus antivirus
.*WIRUS w Twoim mailu !.* Virus-Subject: bogus antivirus
.*VIRUS EN SU CORREO.* Virus-Subject: bogus antivirus
.*VIRUS IN YOUR MAIL TO .* Virus-Subject: bogus antivirus
.*To Sender virus found and action taken.* Virus-Subject: bogus antivirus
.*Message Stopped ---- Virus Detected ----.* Virus-Subject: bogus antivirus
.*Wichtiger Hinweis: Virus entdeckt.* Virus-Subject: bogus antivirus
.*File was infected with a virus.* Virus-Subject: bogus antivirus
.*Devolto polo filtro antivirus por: warning.* Virus-Subject: bogus antivirus
.*Your email message was blocked because: Block email in with Dangerous file Attachments.* Virus-Subject: bogus antivirus
.*Aviso: Detectado v.*rus no e-mail.* Virus-Subject: bogus antivirus
.*\! PELIGRO \! - Virus encontrado en el correo .* Virus-Subject: bogus antivirus
.*Suspicious Attachment.* Virus-Subject: bogus antivirus
.*tipo de arquivo anexo proibido encontrado em mensagem enviada.* Virus-Subject: bogus antivirus
.*In einer E-Mail wurde ein Virus gefunden .* Virus-Subject: bogus antivirus
.*problem funni.*sendum bo.*um..* Virus-Subject: bogus antivirus
.*VIRUS.*PROBLEM IN IHRER MAIL.* Virus-Subject: bogus antivirus
.*Tipo de arquivo anexo nao permitido! encontrado em mensagem enviad.* Virus-Subject: bogus antivirus
.*returned due to virus or too large or too many attachment.* Virus-Subject: bogus antivirus
.*VIRUS NO SEU E-MAIL PARA.* Virus-Subject: bogus antivirus
.*Znaleziono wirusa w Twojej wiadomosci.* Virus-Subject: bogus antivirus
.*Returned due to virus\:.* Virus-Subject: bogus antivirus
.*RAV AntiVirus scan results.* Virus-Subject: bogus antivirus
.*ALANET ANTIVIRUS ALERTA - VIRUS EM SEU EMAIL.* Virus-Subject: bogus antivirus
.*Virus v dokumente Vami odoslanom.* Virus-Subject: bogus antivirus
.*virus in verschickter Nachricht gefunden.* Virus-Subject: bogus antivirus
.*ALERTE - Vous avez envoye un mail avec virus.* Virus-Subject: bogus antivirus
.*ENCONTRADO VIRUS EM SEU EMAIL.* Virus-Subject: bogus antivirus
.*Virus v dokumente Vami odoslanom.* Virus-Subject: bogus antivirus
.*Norton AntiVirus detected a virus in a message you sent.* Virus-Subject: bogus antivirus
.*Email-ul Dvs contine un Virus \!.* Virus-Subject: bogus antivirus
.*Proxy.* notification.*Virus found in a message.* Virus-Subject: bogus antivirus
.*Vexira Antivirus.*your mail\:.* Virus-Subject: bogus antivirus
.*Virus Detectad.* Virus-Subject: bogus antivirus
.*Non remis \:.* Virus-Subject: bogus antivirus
.*VIRUS RE\:.* Virus-Subject: bogus antivirus
.*ON VIRUST KULDOTT\!.* Virus-Subject: bogus antivirus
.*VIRUS EM EMAIL PARA VOCE.* Virus-Subject: bogus antivirus
.*virus encontrado na mensagem enviada.* Virus-Subject: bogus antivirus
.*Ochrona antywirusowa.* Virus-Subject: bogus antivirus
.*Returned mail\: Possible Virus Infection.* Virus-Subject: bogus antivirus
.*Virus incident.* Virus-Subject: bogus antivirus
.*Virus figyelmeztetes.* Virus-Subject: bogus antivirus
.*Undeliverable\: An email for you contains VIRUSES.* Virus-Subject: bogus antivirus
.*Ecartis command results\: -- Binary.*unsupported file stripped by Ecartis --.* Virus-Subject: bogus antivirus
.*Advarsel.*Din e-mail indeholder virus.* Virus-Subject: bogus antivirus
.*An email for you contains VIRUSES.* Virus-Subject: bogus antivirus
.*Your mail server sent us a virus.* Virus-Subject: bogus antivirus
.*Illegal attachment type found in sent message.* Virus-Subject: bogus antivirus
.*Nie dostarczono poczty e-mail.* Virus-Subject: bogus antivirus
.*Virus Infection Alert\!.* Virus-Subject: bogus antivirus
.*InterScan NT Alert.* Virus-Subject: bogus antivirus
.*SENDER\! Virus found in message from you\!.* Virus-Subject: bogus antivirus
.*Returned mail: Executable attachment blocked.* Virus-Subject: bogus antivirus
.*BANNED FILENAME IN MAIL TO YOU.* Virus-Subject: bogus antivirus
.*Message Delivery Failure - due to attachments.* Virus-Subject: bogus antivirus
.*WARNING\! Virus detected.* Virus-Subject: bogus antivirus
.*Virusveszely\! Virus warning\!.* Virus-Subject: bogus antivirus
.*Virus Detected by Network Associates, Inc. Webshield SMTP.* Virus-Subject: bogus antivirus
.*VIRUS NO SEU EMAIL \!\!\!.* Virus-Subject: bogus antivirus
.*Warning Possible Virus Alert \!\!\!.* Virus-Subject: bogus antivirus
.*WARNING\: The message contains a virus\!.* Virus-Subject: bogus antivirus
.*Norton AntiVirus detected and quarantined a virus in a message yo.* Virus-Subject: bogus antivirus
.*Possible Virus Found in E-Mail.* Virus-Subject: bogus antivirus
.*Aviso de correo.universia.net - Virus encontrado.* Virus-Subject: bogus antivirus
.*Trovato virus nel messaggio.* Virus-Subject: bogus antivirus
.*W Twojej wiadomosci znaleziono wirusa!.* Virus-Subject: bogus antivirus
.*Returned due to virus; was\:.* Virus-Subject: bogus antivirus
.*\{Virus\!\}.* Virus-Subject: bogus antivirus
.*\{Virus?\}.* Virus-Subject: bogus antivirus
.*Znaleziono wirusa w Twojej wiadomosci.* Virus-Subject: bogus antivirus
.*ALERT\: A virus was found on an e-mail sent by you.* Virus-Subject: bogus antivirus
.*WIRUS W TWOJEJ POCZCIE.* Virus-Subject: bogus antivirus
.*"Returned due to virus; was\:".* Virus-Subject: bogus antivirus
.*NAV detected a virus in a document you authored.* Virus-Subject: bogus antivirus
.*Anti-Virus detected a violation in a document you authored.* Virus-Subject: bogus antivirus
.*-Danger \: Virus
...
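An added example, not part of the original post and not qmail-scanner's own code: a small Python check for header rules in the format the file's comments describe (TAB-delimited, second column "Virus-<Header>:", pattern wrapped in ^ and $ and matched case-sensitively as NOTE 5 states). The rule text and subjects are constructed samples, and parse_rules and check_headers are hypothetical names; Python's regex engine stands in for Perl's.

```python
import re

# Constructed sample in the attachment's format: pattern<TAB>Virus-<Header>:<TAB>description
SAMPLE_RULES = (
    "# comment lines are skipped\n"
    "EICAR.COM\t69\tEICAR Test Virus\n"
    "ILOVEME\tVirus-Subject:\tLove Letter Virus/Trojan\n"
    "Pickles.*Breakfast\tVirus-Subject:\tFake Example Pickles virus\n"
    ".*virus alert.*\tVirus-Subject:\tbogus antivirus\n"
    ".*Virus found.*\tVirus-Subject:\tbogus antivirus\n"
    ".*Virus gefunden.* Virus-Subject: bogus antivirus\n"  # tabs lost in copy/paste
)

def parse_rules(text):
    """Return (header_rules, skipped); header rules are (header, regex, description)."""
    rules, skipped = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) != 3:
            skipped.append((n, "not three TAB-separated columns"))
            continue
        pattern, kind, desc = cols
        m = re.fullmatch(r"Virus-([A-Za-z0-9-]+):", kind)
        if not m:
            skipped.append((n, "filename/size rule, not a header rule"))
            continue
        try:
            # NOTE 5: the pattern is wrapped in ^ and $ and is case-sensitive.
            rules.append((m.group(1).lower(), re.compile("^" + pattern + "$"), desc))
        except re.error as exc:
            skipped.append((n, f"bad regex: {exc}"))
    return rules, skipped

def check_headers(headers, rules):
    """Return the description of the first matching rule, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for header, regex, desc in rules:
        value = lowered.get(header)
        if value is not None and regex.search(value):
            return desc
    return None

RULES, SKIPPED = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    for subject in ("VIRUS ALERT", "Re: Virus found on the file server?", "RAV: virus alert"):
        print(repr(subject), "->", check_headers({"Subject": subject}, RULES))
```

Running it shows that a broad pattern such as ".*Virus found.*" also catches a person's reply with that phrase in the subject, and that a rule line whose tabs were replaced by spaces is reported instead of being loaded.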