Nothing like viruses with bugs in them (Swen)
Brian Bruns
bruns at 2mbit.com
Fri Sep 19 16:40:27 UTC 2003
These are exim filters which catch the damn thing when the antivirus
software misses it. Hopefully it might be useful. It was taken from
http://pkierski.republika.pl/filtry.shtml.
########
# Swen #
########
if $h_content-type matches "multipart/mixed; boundary=.[a-z]{6}" and
   $message_body matches "September 200[23], Cumulative Patch"
then
  logfile $home/filter.log 0644
  logwrite "$tod_log - filter: *** Swen.1 *** - sender: $sender_address - subj$
  seen finish
endif
########
# Swen #
########
if $h_content-type contains "multipart/alternative;" and
   $h_content-type matches "boundary=.[a-z]{6}" and
   $message_body matches "iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe"
then
  logfile $home/filter.log 0644
  logwrite "$tod_log - filter: *** Swen.2 *** - sender: $sender_address - subj$
  seen finish
endif
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message -----
From: "Mark Radabaugh" <mark at amplex.net>
To: <nanog at merit.edu>
Sent: Friday, September 19, 2003 12:03 PM
Subject: Nothing like viruses with bugs in them (Swen)
>
> Seems like this virus/worm has a bug where it will occasionally send out 1
> byte attachments rather than the correct worm payload. Since the virus is
> not truly attached it tends to pass through e-mail virus scanners.
>
> It's causing a fair amount of end user confusion today -- lots of 'why is
> your/my virus scanner not working?' questions.
>
> Mark Radabaugh
> Amplex
> (419) 720-3635
>
>
>
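The conditions of the two filters above, replayed in Python against constructed messages so the patterns can be checked offline. This is an added example, not part of the original post or of the filter's source page. `classify`, `build` and the sample messages are hypothetical, and header unfolding and newline flattening are assumptions about how the values reach the regex.

```python
import re
from email import message_from_string

# Patterns copied from the two filters above. Exim's lowercase "matches" and
# "contains" ignore case, hence re.IGNORECASE.
F = re.IGNORECASE
BOUNDARY = re.compile(r"boundary=.[a-z]{6}", F)
SWEN1_BODY = re.compile(r"September 200[23], Cumulative Patch", F)
SWEN2_BODY = re.compile(r"iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe", F)

def classify(raw):
    """Return 'Swen.1', 'Swen.2' or None for a raw message string."""
    msg = message_from_string(raw)
    # Unfold the header so a wrapped Content-Type still matches (assumption).
    ctype = " ".join((msg.get("Content-Type") or "").split())
    # Match the undecoded body, so quoted-printable "=3D" stays literal.
    # Assumption: newlines are flattened to spaces before matching.
    body = raw.partition("\n\n")[2].replace("\n", " ")
    if re.search(r"multipart/mixed; " + BOUNDARY.pattern, ctype, F) \
            and SWEN1_BODY.search(body):
        return "Swen.1"
    if "multipart/alternative;" in ctype.lower() and BOUNDARY.search(ctype) \
            and SWEN2_BODY.search(body):
        return "Swen.2"
    return None

def build(ctype, *body_lines):
    """Assemble a constructed test message (not a real sample)."""
    head = ["From: sender@example.com", "Subject: test", "Content-Type: " + ctype]
    return "\n".join(head + [""] + list(body_lines)) + "\n"

# Constructed: the patch wording plus an attachment part holding a single byte.
SWEN1 = build('multipart/mixed; boundary="qwerty"',
              "--qwerty", "Content-Type: text/plain", "",
              "September 2003, Cumulative Patch",
              "--qwerty", "Content-Type: application/octet-stream",
              "Content-Transfer-Encoding: base64", "", "QQ==", "--qwerty--")
# Constructed: quoted-printable HTML part with a zero-size iframe on a cid: URL.
SWEN2 = build('multipart/alternative;\n boundary="zxcvbn"',
              "--zxcvbn", "Content-Type: text/html",
              "Content-Transfer-Encoding: quoted-printable", "",
              '<iframe src=3D"cid:abcdef" height=3D0',
              "width=3D0></iframe>", "--zxcvbn--")
# Constructed: plain-text mail that merely quotes the phrase.
BENIGN = build("text/plain", "Re: the September 2003, Cumulative Patch mail")

if __name__ == "__main__":
    for name, raw in (("SWEN1", SWEN1), ("SWEN2", SWEN2), ("BENIGN", BENIGN)):
        print(name, "->", classify(raw))
```

Neither rule looks at the attachment itself, so the one-byte attachment in the first sample does not change the result.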