From owner-freebsd-questions Tue Nov 27 7:15: 7 2001 Delivered-To: freebsd-questions@freebsd.org Received: from femail48.sdc1.sfba.home.com (femail48.sdc1.sfba.home.com [24.254.60.42]) by hub.freebsd.org (Postfix) with ESMTP id D7E4A37B417 for ; Tue, 27 Nov 2001 07:15:01 -0800 (PST) Received: from crazyhorse ([24.21.114.209]) by femail48.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP id <20011127151501.HKDZ17928.femail48.sdc1.sfba.home.com@crazyhorse>; Tue, 27 Nov 2001 07:15:01 -0800 Message-Id: <3.0.5.32.20011127081458.0095e720@mail.tucson1.az.home.com> X-Sender: rpsbsd@mail.tucson1.az.home.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Tue, 27 Nov 2001 08:14:58 To: setantae , questions@FreeBSD.ORG From: R Paschal Subject: Re: The Stupid Virus going arround. In-Reply-To: <20011127144157.GA12429@rhadamanth> References: <012101c17750$94e047e0$a50410ac@olmct.net> <012101c17750$94e047e0$a50410ac@olmct.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 02:41 PM 11/27/01 +0000, setantae wrote: >On Tue, Nov 27, 2001 at 09:34:11AM -0500, Andre` Niel Cameron wrote: >> The next time I get this thing I am sending everyone a copy a Norton;) >> Everyone knows someone stuck a virus on the list, most of us have Anti Virus >> software some do not I think those who do not need to goto download.com and >> get some as you keep sending the virus to the list. Just a thought. > >Did anyone knock out a procmail recipe for it yet ? > >If so, could you share it please ? It should be easy to catch any Windows program. This starts within the first 100 bytes of all window executables, usually starting at 004Eh: "This program cannot be run in DOS mode." Have fun, Rich To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message