Since I was crushed with the SoBig Flood I did some searching for a solution to stop these script-based viruses at the server. I found a script on the mailenable forum that would selectively remove attachments. I modified it to completely delete emails at the server with .vbs, .pif and .scr attachments. Email me at johnw@allprosoftware.com if you're interested in this- it has completely stopped our SoBig problem.

Of course, this is provided without support, warranty or anything else- use at your own risk!

This is a .vbs file that can be installed as the MTA Pickup event in MailEnable.

Email sent.

Thanks!

The file's on the way. If this gets really popular, I'll see about moving it somewhere for download. I kind of want to monitor it's use to begin with (even though it's NOT SUPPORTED) :D

I should also have a caveat- It's NEARLY stopped our sobig problem. This thing's so rabid that it's occasionally spewing out harmless (other than irritating) emails without attachments. Those still make it through.

Thanks a ton! Works like a charm!

Glad to hear it!

One more item on this solution- you can check a log of all the files deleted by looking in the event viewer for applications- they show up as errors from source 'WSH'. It shows to, from, subject and name of the attachment. FYI.

Don't you think you should have an anti-virus solution for your MTA? Really.....

I only have a handful of emails that I monitor, so it's generally more cost-effective to just stick with client-based anti-virus solutions. My current AV works, but I was getting tired of all the junk emails from sobig... this solves the problem- for me...