Nothing like viruses with bugs in them (Swen)

• Previous message (by thread): Nothing like viruses with bugs in them (Swen)
• Next message (by thread): Nothing like viruses with bugs in them (Swen)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You should be able to take the match parts of the exim filter and adapt them
to procmail.  I'm not that familiar with procmail, so I'm not sure, but here
are the primary things the filters look for:

content type: multipart/mixed; boundary=.[a-z]{6}
message body: September 200[23], Cumulative Patch

and

content type: multipart/alternative;
content type: "boundary=.[a-z]{6}
message body: iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe


Maybe someone out there with procmail experience could post procmail rules
based on this?
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message ----- 
From: "Mr. James W. Laferriere" <babydr at baby-dragons.com>
To: <nanog at merit.edu>
Sent: Friday, September 19, 2003 1:07 PM
Subject: Re: Nothing like viruses with bugs in them (Swen)


>
> Hello All ,
>
> On Fri, 19 Sep 2003, Brian Bruns wrote:
> > These are exim filters which catch the damn thing when the antivirus
> > software misses it.  Hopefully it might be useful.  It was taken from
> > http://pkierski.republika.pl/filtry.shtml.
> ...snipped nice exim filters...
> Is there an example of a procmail filter for this bugger ?
> Tia ,  JimL
>
> > ----- Original Message -----
> > From: "Mark Radabaugh" <mark at amplex.net>
> > To: <nanog at merit.edu>
> > Sent: Friday, September 19, 2003 12:03 PM
> > Subject: Nothing like viruses with bugs in them (Swen)
> > > Seems like this virus/worm has a bug where it will occasionally send
out 1
> > > byte attachments rather than the correct worm payload.   Since the
virus
> > is
> > > not truly attached it tends to pass through e-mail virus scanners.
> > > It's causing a fair amount of end user confusion today -- lots of 'why
is
> > > your/my virus scanner not working?' questions.
> -- 
>
+------------------------------------------------------------------+
>        | James   W.   Laferriere | System    Techniques | Give me VMS
|
>        | Network        Engineer |     P.O. Box 854     |  Give me Linux
|
>        | babydr at baby-dragons.com | Coudersport PA 16915 |   only  on  AXP
|
>
+------------------------------------------------------------------+
>

• Previous message (by thread): Nothing like viruses with bugs in them (Swen)
• Next message (by thread): Nothing like viruses with bugs in them (Swen)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]