Virus Screening by Subject
Many messages that contain viruses, worms, or Trojan horses have distinctive subject lines, the text of which is usually reported in the news. When a new virus is discovered, it is often quicker to reject messages based on its reported subject line than it is to await the latest update of your favorite virus filter software. But this is only a temporary fix. Because legitimate email will often share the same subjects, it is best to only screen on the Subject: header between the time the virus is detected and announced, and the time your virus screening software is updated.
One way to screen by subject is to create a database of subject lines to reject, and then use that database in a subject-checking rule set. Consider the following text file which contains one subject per line. The subject is to the left, the word REJECT is to the right, and the two are separated by one or more tab characters:
I Love You	REJECT
Visit Home Now!	REJECT
If you were to call this file /etc/mail/spamsubjects, you could turn it into a database map with commands like this:
# cd /etc/mail
# makemap -t\tab hash spamsubjects < spamsubjects
The -t command-line switch tells makemap that the key and value pairs are separated by a tab instead of spaces or tabs. Here, tab stands for a literal tab character typed after the backslash; the backslash protects the tab from interpretation by your shell. We use that command-line switch because our keys can contain internal spaces.[126]
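A check worth running on the source file before makemap, shown here as an added example that is not from the book. The function name lint_subjects and the sample lines are constructed for illustration. It flags lines where the subject and REJECT are not separated by a tab, and keys that would collide in the map.

```shell
#!/bin/sh
# Lint a makemap source file of "subject<TAB>REJECT" lines before building it.
# Prints one line per problem and returns non-zero if any problem was found.
lint_subjects() {
    awk -F'\t+' '
        /^[ \t]*$/ || /^#/ { next }   # skip blank lines and # comment lines
        NF != 2 {                     # no tab at all, or a stray extra field
            printf "line %d: expected subject<TAB>REJECT: %s\n", NR, $0
            bad++; next
        }
        $2 != "REJECT" {
            printf "line %d: value is \"%s\", not REJECT\n", NR, $2
            bad++
        }
        {
            # makemap folds keys to lowercase unless -f is given, so
            # "I Love You" and "i love you" are the same key in the map.
            key = tolower($1)
            if (key in seen) {
                printf "line %d: duplicate key (see line %d): %s\n", NR, seen[key], $1
                bad++
            } else {
                seen[key] = NR
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: line 2 uses a space where the tab should be,
# and line 3 repeats line 1 in a different case.
sample=$(mktemp)
printf 'I Love You\tREJECT\nVisit Home Now! REJECT\ni love you\tREJECT\n' > "$sample"
lint_subjects "$sample" || echo "fix the file before running makemap"
rm -f "$sample"
```

A line that fails the tab check is the one that matters most here: with a space in place of the tab, the key and value are not split where you intended, so the subject would never match.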
Once this database is in place, it will be easy to update its contents whenever a ...