
RE: [cobalt-users] JS_KAKWORM.A virus [Followup]



> Anyone have a procmail recipe for this yet that they would like to share?
> I am a rookie procmail user and could use some pointers..

In thinking on a slightly deeper level about this, and also re-reading
Symantec's blurb on the subject again, the recipe I posted earlier might
not always work.

I'm going to do some further reading and post whatever I find to the list.
I'm prepared to say at this point that there perhaps may not be a 100%
procmail-driven solution. I'm going to grab a sample of the worm and see if
it could be trapped by a known MIME boundary or similar recurring pattern.
If a pattern exists it can be caught.

To console you (lest you despair), almost every known virus has a pattern of
some kind. The trick is to be able to identify it.

Greetings,
-Colin
--
Colin J. Raven