Netfilter is not an application layer Firewall. Try something like sendmail/Mailscanner and pick up clamav. I was blocking before I even knew about the virus!

Ray Leach wrote:

>On Thu, 2004-01-29 at 20:06, Eliot, GLI wireless tech support wrote:
>
>>Has anyone come up with a ruleset for classifying a random TCP or
>>specific SMTP connection as being the W32/MyDoom.A virus?
>
><>
>
>>Anyone have any ideas how to do this without too many false positives?
>>(IE a document on the web that describes the characteristics of
>>MyDoom.A).
>
>Since it spreads via SMTP from clients and not servers, why not just
>block all smtp traffic outbound to the internet from your client
>machines, and only allow your mail server to send smtp mail?
>
>Of course you would need a decent anti-virus program on the mail server.
>
>The other way you could possibly do this is by using a string match to
>look inside any smtp packets for matches of the attachment names(?).
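
The outbound-SMTP restriction suggested in the quoted reply, as an added example that is not part of the original thread: a shell function that prints an iptables-restore fragment allowing only the mail server to open port 25 connections toward the Internet and logging every other attempt, which also points at likely infected clients. It assumes the netfilter box forwards the clients' traffic; the function names, the `SMTP_EGRESS` chain, the log prefix and the rate limit are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore fragment
# that lets only the mail server send SMTP out of the WAN interface.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smtp_egress_rules MAIL_SERVER_IPV4 WAN_INTERFACE
# Matching on the outgoing interface keeps inbound mail delivery untouched.
smtp_egress_rules() {
    mail_server=$1
    wan_if=$2
    case "$wan_if" in
        ""|*[!A-Za-z0-9._-]*) wan_if="" ;;   # reject odd interface names
    esac
    if ! is_ipv4 "$mail_server" || [ -z "$wan_if" ]; then
        echo "usage: smtp_egress_rules <mail-server-ipv4> <wan-interface>" >&2
        return 2
    fi
    cat <<EOF
*filter
:SMTP_EGRESS - [0:0]
-A FORWARD -o $wan_if -p tcp --dport 25 -j SMTP_EGRESS
-A SMTP_EGRESS -s $mail_server/32 -j ACCEPT
-A SMTP_EGRESS -m limit --limit 6/min -j LOG --log-prefix "smtp-egress: "
-A SMTP_EGRESS -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Print the fragment when called with both arguments, e.g. the
# documentation-range placeholders: sh smtp_egress.sh 192.0.2.10 eth0
if [ "$#" -eq 2 ]; then
    smtp_egress_rules "$@"
fi
```

Review the output before loading it; `iptables-restore --noflush` adds it without discarding the rules already in place.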