[62593] in North American Network Operators' Group


Re: Nothing like viruses with bugs in them (Swen)

daemon@ATHENA.MIT.EDU (Brian Bruns)
Fri Sep 19 13:24:39 2003

From: "Brian Bruns" <bruns@2mbit.com>
To: "Mr. James W. Laferriere" <babydr@baby-dragons.com>,
	<nanog@merit.edu>
Date: Fri, 19 Sep 2003 13:20:22 -0400
Errors-To: owner-nanog-outgoing@merit.edu


You should be able to take the match parts of the exim filter and adapt them
to procmail.  I'm not that familiar with procmail, so I'm not sure, but here
are the primary things the filters look for:

content type: multipart/mixed; boundary=.[a-z]{6}
message body: September 200[23], Cumulative Patch

and

content type: multipart/alternative;
content type: "boundary=.[a-z]{6}
message body: iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe


Maybe someone out there with procmail experience could post procmail rules
based on this?
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message ----- 
From: "Mr. James W. Laferriere" <babydr@baby-dragons.com>
To: <nanog@merit.edu>
Sent: Friday, September 19, 2003 1:07 PM
Subject: Re: Nothing like viruses with bugs in them (Swen)


>
> Hello All ,
>
> On Fri, 19 Sep 2003, Brian Bruns wrote:
> > These are exim filters which catch the damn thing when the antivirus
> > software misses it.  Hopefully it might be useful.  It was taken from
> > http://pkierski.republika.pl/filtry.shtml.
> ...snipped nice exim filters...
> Is there an example of a procmail filter for this bugger ?
> Tia ,  JimL
>
> > ----- Original Message -----
> > From: "Mark Radabaugh" <mark@amplex.net>
> > To: <nanog@merit.edu>
> > Sent: Friday, September 19, 2003 12:03 PM
> > Subject: Nothing like viruses with bugs in them (Swen)
> > > Seems like this virus/worm has a bug where it will occasionally send out 1
> > > byte attachments rather than the correct worm payload.   Since the virus is
> > > not truly attached it tends to pass through e-mail virus scanners.
> > > It's causing a fair amount of end user confusion today -- lots of 'why is
> > > your/my virus scanner not working?' questions.
> -- 
> +------------------------------------------------------------------+
>        | James   W.   Laferriere | System    Techniques | Give me VMS     |
>        | Network        Engineer |     P.O. Box 854     |  Give me Linux  |
>        | babydr@baby-dragons.com | Coudersport PA 16915 |   only  on  AXP |
> +------------------------------------------------------------------+
>
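
The two match sets listed in the message above, expressed as a Python check. This is an added example, not part of the original post and not the exim filter it refers to. The function names, rule labels and sample messages are constructed, and applying the patterns to the top-level Content-Type header and the undecoded body is an assumption.

```python
import re
from email import message_from_string

# Patterns copied from the message above; everything else here is constructed.
BOUNDARY_RE = re.compile(r'boundary=.[a-z]{6}')
PATCH_RE = re.compile(r'September 200[23], Cumulative Patch')
IFRAME_RE = re.compile(r'iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe')


def swen_match(raw):
    """Return the label of the rule set a raw message matches, or None."""
    raw = raw.replace('\r\n', '\n')
    msg = message_from_string(raw)
    # A folded header keeps its line break in the parsed value, so collapse
    # whitespace before looking for the boundary parameter.
    ctype = ' '.join(msg.get('Content-Type', '').split())
    if not BOUNDARY_RE.search(ctype):
        return None
    # Search the undecoded body: the iframe pattern is written against
    # quoted-printable text ("=3D" is an encoded "=").
    body = raw.partition('\n\n')[2]
    kind = msg.get_content_type()
    if kind == 'multipart/mixed' and PATCH_RE.search(body):
        return 'cumulative-patch'
    if kind == 'multipart/alternative' and IFRAME_RE.search(body):
        return 'hidden-iframe'
    return None


def sample(ctype, boundary, text):
    """Build a constructed one-part message with a folded Content-Type."""
    return ('Subject: constructed sample\nMIME-Version: 1.0\n'
            f'Content-Type: {ctype};\n\tboundary="{boundary}"\n\n'
            f'--{boundary}\nContent-Type: text/html\n\n{text}\n--{boundary}--\n')


PATCH = sample('multipart/mixed', 'qwertz', 'September 2003, Cumulative Patch')
IFRAME = sample('multipart/alternative', 'abcdef',
                '<iframe src=3D"cid:abcdef" height=3D0 width=3D0></iframe>')
# Ordinary mail quoting the phrase: the boundary does not fit the pattern.
BENIGN = sample('multipart/mixed', '----=_NextPart_000_0001',
                'Re: those "September 2003, Cumulative Patch" mails')

if __name__ == '__main__':
    for name, raw in (('PATCH', PATCH), ('IFRAME', IFRAME), ('BENIGN', BENIGN)):
        print(name, swen_match(raw))
```

Both rule sets key on the message structure and body text rather than on the attachment, and requiring the boundary shape together with the body text is what keeps the BENIGN sample from matching.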


