When a new virus is discovered,
it is often quicker to reject messages based on its reported subject line than
it is to await the latest update of your favorite virus filter software. But this is only a
temporary fix. Because legitimate email will often share the same subjects, it is best
to only screen on the Subject: header between the time the virus is detected and
announced, and the time your virus screening software is updated.
One way to screen by subject is to create a database of subject lines to reject, and
then use that database in a subject-checking rule set. Consider the following text file
which contains one subject per line. The subject is to the left, the word REJECT is to
the right, and the two are separated by one or more tab characters:
I Love You	REJECT
Visit Home Now!	REJECT
If you were to call this file /etc/mail/spamsubjects, you could turn it into a database
map with commands like this:
# cd /etc/mail
# makemap -t\tab hash spamsubjects < spamsubjects
The -t command-line switch tells makemap that the key and value pairs are separated
by a tab instead of spaces or tabs (the word tab in the command stands for a literal
tab character). The backslash protects the tab from interpretation
by your shell. We use that command-line switch because our keys can contain
internal spaces.
Once this database is in place, it will be easy to update its contents whenever a new
virus is announced.
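Because entries are added in a hurry, a subject typed with spaces where the tab belongs is easy to miss. The following lint step is an added example, not code from the original text or from sendmail; the function names lint_subjects, rebuild_map and demo are hypothetical, and it assumes REJECT is the only value in use:

```shell
#!/bin/sh
# Added example: check a subject list before handing it to makemap.
# Assumption: every value is REJECT, as in the sample file above.

# lint_subjects FILE
# Prints one diagnostic per bad line; returns non-zero if any were found.
lint_subjects() {
    awk -F '\t+' '
        BEGIN { bad = 0 }
        /^[ \t]*$/ { next }    # ignore blank lines
        NF != 2 { printf "line %d: expected subject<TAB>REJECT\n", NR; bad = 1; next }
        $1 == "" { printf "line %d: empty subject\n", NR; bad = 1; next }
        $2 != "REJECT" { printf "line %d: value is \"%s\", not REJECT\n", NR, $2; bad = 1; next }
        # makemap folds keys to lower case unless -f is given,
        # so duplicates are detected case-insensitively.
        seen[tolower($1)]++ { printf "line %d: duplicate subject \"%s\"\n", NR, $1; bad = 1 }
        END { exit bad }
    ' "$1"
}

# rebuild_map FILE
# Lints FILE, then builds the hash map with the same makemap call as above.
rebuild_map() {
    lint_subjects "$1" || { echo "not rebuilding from $1" >&2; return 1; }
    # printf produces the literal tab, so nothing depends on an editor
    # or terminal preserving the character.
    tab=$(printf '\t')
    makemap -t"$tab" hash "$1" < "$1"
}

# demo: constructed sample in which line 2 uses a space instead of a tab.
demo() {
    f=$(mktemp) || return 1
    printf 'I Love You\tREJECT\nVisit Home Now! REJECT\n' > "$f"
    rc=0
    lint_subjects "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

# Run as: sh lint.sh /etc/mail/spamsubjects
if [ "$#" -gt 0 ]; then
    rebuild_map "$1"
fi
```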