
Re: [cobalt-users] Getting Mail Bombed!



----- Original Message -----
From: "David Lucas" <david@xxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Monday, July 23, 2001 9:32 AM
Subject: Re: [cobalt-users] Getting Mail Bombed!


> At 02:32 AM 7/23/2001, you wrote:
> >On Mon, 23 Jul 2001 01:39:27 -0500, David Lucas mumbled something
> >like:
> > >>You want their orders, just not the virus
> >
> >If we can block based on attachments, we've got it just about
> >licked... waiting for more info from Steve and digging around in
> >Google's procmail search results now.
> >--
>
>
> Carrie, the attachments are all different.  They are pulled from the email
> sender's "My documents" directory.  I have seen pif, doc, com and lnk
> extensions.  They were originally doc, zip and no extension files.  I
> understand that they can come from xls files also.

This particular infection pulls from random docs on the host system's My
Documents folder.  The only key, from all I have seen, is actually filtering
the message body for key phrases gleaned from the ones you have received.
As long as you are using a Linux box to receive and read your mail, the
virus will not have any effect.  At this time it is keyed to Windows, but
given the low level of sophistication, I expect it may also involve Macs in
the near future.
Archive the messages for the short time to make use of the body text
strings.

More information can be found at:
 www.NAI.com <http://vil.nai.com/vil/virusSummary.asp?virus_k=99141>
or
www.Norton.com
<http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@xxxxxxx>
or
 www.trendmicro.com
<http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A>

Good hunting. Carrie has offered you a script for procmail, and if it
is running, take advantage of it.  If, on the other hand, it is not on your
box, take the time to install it, and be sure you ask for advice on the
fine tuning (I guess Carrie knows it).  Search the procmail archives and
the web. <www.google.com, procmail install filter message body>

I hope this helps.
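
The body-phrase approach described in the message above, as an added example that is not part of the original post or anyone's procmail script: it gleans the body lines shared by every archived sample and flags new mail carrying at least two of them, so a customer order that happens to share one line still gets through. All messages, phrases and file names below are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string, policy
from email.message import EmailMessage

MIN_LEN = 12  # ignore short lines such as "hi" that also occur in normal mail

def body_lines(raw):
    """Normalized lines of the non-attachment text/plain parts of a message."""
    msg = message_from_string(raw, policy=policy.default)
    lines = set()
    for part in msg.walk():
        if part.get_content_type() != "text/plain" or part.is_attachment():
            continue
        for line in part.get_content().splitlines():
            norm = " ".join(line.lower().split())  # fold case and whitespace
            if len(norm) >= MIN_LEN:
                lines.add(norm)
    return lines

def common_phrases(archived):
    """Body lines present in every archived sample (attachments are ignored)."""
    sets = [body_lines(raw) for raw in archived]
    return set.intersection(*sets) if sets else set()

def is_suspect(raw, phrases, needed=2):
    """True when at least `needed` of the gleaned phrases appear in the body."""
    return len(phrases & body_lines(raw)) >= needed

def make_message(subject, body, attachment=None):
    """Build a constructed test message (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

# Constructed placeholders: substitute the strings from your own archived mail.
GREETING = "PLACEHOLDER greeting phrase"
CLOSING = "PLACEHOLDER closing phrase"
ARCHIVED = [
    make_message("budget", f"{GREETING}\nvariable middle line one\n{CLOSING}\n", "budget.doc.pif"),
    make_message("notes", f"{GREETING}\nvariable middle line two\n{CLOSING}\n", "notes.zip.lnk"),
]
NEW_INFECTED = make_message("resume", f"{GREETING}\nvariable middle line three\n{CLOSING}\n", "resume.xls.com")
ORDER = make_message("Order 1001", f"{GREETING}\nPlease ship two units to our office.\n", "order.doc")
```

The phrases returned by `common_phrases` are the strings to carry over into a body-matching mail filter rule; requiring two matches is an assumption chosen here to keep ordinary mail from being caught by a single shared line.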