The ClamAV team is doing a great job of keeping up to date with the Bagle variants, and they've also deployed a couple of generic signatures which should catch at least some variations as they show up.
As for finding them on the filesystem once delivered, an easy place to start is "support@$domain" where $domain = your local domain. That seems to be the one getting the most spread today that I've seen.
I have to admit at least our users seem to be learning (hit them with a switch (either wooden or 3548) enough and they stop opening everything).
One nice "feature" of the newer Bagle variants is they seem to look up their local domain's MX instead of pulling the MX out of a user's configuration. Since all of our domains are MX'd to a non-relaying, virus scanning server, it's helping us keep our users from spreading the joy.
-S
On Wed, 3 Mar 2004, Dan Hollis wrote:
I am curious how network operators are dealing with the latest w32/bagle variants which seem particularly evil.
Also, does anyone have tools for regexp and purging these mails from unix mailbox (not maildir) mailspool files? E.g., purging these mails after the fact if they were delivered to users' mailboxes before your virus scanner got a database update.
-Dan
--
Scott Call  Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814
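
An added example, not part of the original thread: one way to sweep a unix mbox spool for the "support@$domain" sender mentioned above, moving matches into a quarantine mbox instead of deleting them. It uses Python's standard `mailbox` module; the function names, paths and example.net sample messages are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.utils import parseaddr

# Constructed sample spool: two messages, one with the spoofed local sender.
SAMPLE_SPOOL = (
    "From support@example.net Wed Mar  3 10:00:00 2004\n"
    "From: support@example.net\nTo: alice@example.net\n"
    "Subject: sample-suspect\n\nconstructed body\n\n"
    "From bob@example.org Wed Mar  3 10:05:00 2004\n"
    "From: Bob <bob@example.org>\nTo: alice@example.net\n"
    "Subject: sample-clean\n\nconstructed body\n\n"
)

def quarantine_support_sender(spool_path, quarantine_path, local_domain):
    """Move mail whose From: header is support@<local_domain> from an mbox
    spool into a quarantine mbox. Returns the number of messages moved."""
    target = "support@" + local_domain.lower()
    spool = mailbox.mbox(spool_path, create=False)
    quarantine = mailbox.mbox(quarantine_path)
    moved = 0
    spool.lock()  # fcntl + dot lock, so the MDA cannot append mid-rewrite
    try:
        for key in list(spool.keys()):
            msg = spool[key]
            _, addr = parseaddr(str(msg.get("From", "")))
            if addr.lower() == target:
                quarantine.add(msg)   # keep a copy for later review
                spool.remove(key)     # spool file is rewritten on flush()
                moved += 1
        quarantine.flush()            # persist the copies before deleting
        spool.flush()
    finally:
        spool.unlock()
        quarantine.close()
        spool.close()
    return moved

def demo():
    """Run against the constructed spool in a temp dir; return the results."""
    with tempfile.TemporaryDirectory() as d:
        spool, quar = os.path.join(d, "alice"), os.path.join(d, "quarantine")
        with open(spool, "w", newline="\n") as f:
            f.write(SAMPLE_SPOOL)
        moved = quarantine_support_sender(spool, quar, "example.net")
        left = [m["Subject"] for m in mailbox.mbox(spool, create=False)]
        held = [m["Subject"] for m in mailbox.mbox(quar, create=False)]
        return moved, left, held
```

Matching on the From: header alone also catches any genuine mail from a real support@ address, which is why matches are quarantined for review rather than dropped.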