[67093] in North American Network Operators' Group


Re: other virus damages/costs.....(hello skynet.be ?)

daemon@ATHENA.MIT.EDU (Todd Vierling)
Mon Feb 2 13:44:04 2004

Date: Mon, 2 Feb 2004 13:40:28 -0500 (EST)
From: Todd Vierling <tv@duh.org>
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: <E1Angg4-0005vF-PB@ran.psg.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Mon, 2 Feb 2004, Randy Bush wrote:

: # MyDoom craziness
: :
: * ^Subject:.*(\

Actually, Mydoom has a very detectable signature.  It has both X-Priority
and X-MSMail-Priority headers, but *neither* an X-Mailer nor X-MimeOLE
header.

These conditions make, for instance, SpamAssassin catch the worm easily.
Based on all the available mailboxes I can scan from here, such a check
should kill only Mydoom [and some spam].

Rolled that into a milter, and poof!

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com>
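
The header check described in the message above, as an added example (not code from the original post and not the author's milter or SpamAssassin rule). It uses Python's standard `email` module to look only at the header block; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string

# Header combination named in the message above.
MUST_HAVE = ("X-Priority", "X-MSMail-Priority")
MUST_LACK = ("X-Mailer", "X-MimeOLE")

def matches_heuristic(raw_message: str) -> bool:
    """True when both priority headers are present and neither client header is.

    Only real headers count: the parser stops at the first blank line, and
    header-name lookup is case-insensitive.
    """
    msg = message_from_string(raw_message)
    has_priority = all(msg.get(name) is not None for name in MUST_HAVE)
    has_client = any(msg.get(name) is not None for name in MUST_LACK)
    return has_priority and not has_client

def flagged(samples: dict) -> list:
    """Names of the samples the heuristic would flag, sorted."""
    return sorted(name for name, raw in samples.items() if matches_heuristic(raw))

BASE = "From: a@example.org\nTo: b@example.org\nSubject: hi\n"

# Constructed sample messages (not captured traffic).
SAMPLES = {
    # Both priority headers, no client identification: flagged.
    "priority_only": BASE + "X-Priority: 3\nX-MSMail-Priority: Normal\n\nbody\n",
    # A client that sets the priority headers and identifies itself: not flagged.
    "full_client": BASE + "X-Priority: 3\nX-MSMail-Priority: Normal\n"
                          "X-Mailer: Example Mailer 1.0\n"
                          "X-MimeOLE: Produced By Example\n\nbody\n",
    # No priority headers at all: not flagged.
    "plain": BASE + "\nbody\n",
    # Only one of the two priority headers: not flagged.
    "one_priority": BASE + "X-Priority: 3\n\nbody\n",
    # Lower-case header names, and an "X-Mailer:" line that is body text,
    # not a header: still flagged.
    "body_decoy": BASE + "x-priority: 3\nx-msmail-priority: Normal\n\n"
                         "X-Mailer: not a header\n",
}

if __name__ == "__main__":
    for name in flagged(SAMPLES):
        print("flag:", name)
```
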
