You should be able to take the match parts of the exim filter and adapt them to procmail. I'm not that familiar with procmail, so I'm not sure, but here are the primary things the filters look for:

content type: multipart/mixed; boundary=.[a-z]{6}
message body: September 200[23], Cumulative Patch

and

content type: multipart/alternative;
content type: "boundary=.[a-z]{6}
message body: iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe

Maybe someone out there with procmail experience could post procmail rules based on this?

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

----- Original Message -----
From: "Mr. James W. Laferriere" <babydr@baby-dragons.com>
To: <nanog@merit.edu>
Sent: Friday, September 19, 2003 1:07 PM
Subject: Re: Nothing like viruses with bugs in them (Swen)

Hello All ,
On Fri, 19 Sep 2003, Brian Bruns wrote:
These are exim filters which catch the damn thing when the antivirus software misses it. Hopefully it might be useful. It was taken from http://pkierski.republika.pl/filtry.shtml.

...snipped nice exim filters...

Is there an example of a procmail filter for this bugger? Tia, JimL

----- Original Message -----
From: "Mark Radabaugh" <mark@amplex.net>
To: <nanog@merit.edu>
Sent: Friday, September 19, 2003 12:03 PM
Subject: Nothing like viruses with bugs in them (Swen)

Seems like this virus/worm has a bug where it will occasionally send out 1 byte attachments rather than the correct worm payload. Since the virus is not truly attached it tends to pass through e-mail virus scanners. It's causing a fair amount of end user confusion today -- lots of 'why is your/my virus scanner not working?' questions.

--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | P.O. Box 854 | Give me Linux |
| babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP |
+------------------------------------------------------------------+
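
The match criteria listed at the top of this thread, expressed as a small Python classifier. This is an added example, not code from any poster or from the exim filters referenced. It assumes each rule pairs one test on the top-level Content-Type header with one test on the undecoded body; the rule names, helper functions and sample messages are constructed for illustration.

```python
import re

# Each rule pairs a Content-Type test with a raw-body test. The patterns are
# the ones listed in the message; pairing them this way is an assumption.
RULES = {
    "patch-text": (re.compile(r"multipart/mixed;\s*boundary=.[a-z]{6}"),
                   re.compile(r"September 200[23], Cumulative Patch")),
    # The body is matched undecoded, so "=" shows up as quoted-printable "=3D".
    "hidden-iframe": (re.compile(r"multipart/alternative;\s*boundary=.[a-z]{6}"),
                      re.compile(r"iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe")),
}

def split_message(raw):
    """Return (unfolded top-level Content-Type value, raw body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    m = re.search(r"^Content-Type:\s*(.*)$", head, re.I | re.M)
    return (m.group(1) if m else ""), body

def classify(raw):
    """Return names of the rules whose header and body tests both match."""
    ctype, body = split_message(raw)
    body = body.replace("=\n", "")  # rejoin quoted-printable soft line breaks
    return [name for name, (hdr, txt) in RULES.items()
            if hdr.search(ctype) and txt.search(body)]

def make_sample(ctype, text):
    """Build a constructed test message (not captured traffic)."""
    return ("From: sender@example.invalid\nMIME-Version: 1.0\n"
            f"Content-Type: {ctype}\n\n--abcdef\n\n{text}\n--abcdef--\n")

# Constructed samples: folded header, soft-wrapped iframe tag, and a benign mail.
PATCH = make_sample('multipart/mixed;\n\tboundary="abcdef"',
                    "this is the September 2003, Cumulative Patch")
IFRAME = make_sample('multipart/alternative; boundary="abcdef"',
                     '<iframe src=3D"cid:x1" height=3D0=\n width=3D0></iframe>')
BENIGN = make_sample('multipart/mixed; boundary="abcdef"', "Minutes attached.")

if __name__ == "__main__":
    for label, msg in (("PATCH", PATCH), ("IFRAME", IFRAME), ("BENIGN", BENIGN)):
        print(label, classify(msg))
```

Unfolding the header and rejoining soft line breaks before matching matters because a pattern written for a single line otherwise misses a folded `boundary=` parameter or an iframe tag wrapped by quoted-printable encoding.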