[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Bouncing Email's with Attachements W32.Sircam.Worm@mm

Subject: RE: [cobalt-users] Bouncing Email's with Attachements W32.Sircam.Worm@mm
From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
Date: Thu Aug 2 08:35:38 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Well to catch sircam as it currently exists you can put this into
> etc/procmailrc
> ---------------cut below this line----------------
> :0:sircam.lock
> * B ?? Hi\! How are you(\?|=3F)
> * 1^0 B ?? I send you this file in order to have your advice
> * 1^0 B ?? I hope you like the file that I send( t)?o you
> * 1^0 B ?? This is the file with the information that you ask for
> * B ?? See you later(\.|=2E) Thanks
> 	/home/tmp/sircam
> #That could also be /dev/null instead
> 

Someone posted this to another list:
This was posted on spam-l by Bob Poortinga -

 For those of you who use Procmail or other regexp mail filtering, here
 is a pattern that will trap W32.Sircam.Worm@mm with no false positives:
 
 ^Content-Type:
 multipart.*"----[A-F0-9]+_Outlook_Express_message_boundary"
 
 For procmail:

:0 D
* ^Content-Type:
* multipart.*"----[A-F0-9]+_Outlook_Express_message_boundary"
virus

For Postfix:

main.cf:
--------
header_checks = regexp:/etc/postfix/header.regexp

header.regexp:
--------------
/^Content-Type:
multipart.*"----[A-F0-9]+_Outlook_Express_message_boundary"/i REJECT

-- 
Dan Kriwitsky

Follow-Ups:
- [cobalt-users] [RaQ3i] replacing the hard drive
  - From: Theo Jones

References:
- RE: [cobalt-users] Bouncing Email's with Attachements W32.Sircam.Worm@mm
  - From: Colin J. Raven

Prev by Date: RE: [cobalt-users] Watch out for Sun support
Next by Date: Re: [cobalt-users] Watch out for Sun support
Previous by thread: [cobalt-users] Weird lock
Next by thread: [cobalt-users] [RaQ3i] replacing the hard drive

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index