I use the following in my /etc/procmailrc file:
Code:
## catch virus attachments
:0 B:
* name=.*(\.pif|\.bat|\.vbs|\.exe|\.scr)
/dev/null
If you have procmail installed and configured with sendmail (maybe other MUAs as well, not sure), it will catch any attachments with the extensions listed. Note that this will also trash windows executables so you might want to take that part out. It is pretty effective. I tested the script for a long time by redirecting mail to a special account so that I could review what was being caught. The only false positives were when someone tried to send an uncompressed executable to a user.
If you don't have access to the /etc directory you should be able to put the same thing in a local .procmailrc file (ie for accounts on a shared server).
It has saved me from gigabytes of sobig virii infected messages over just the last couple of weeks.
Michael Coyne
seaturtle.org