Date: Tue, 27 Nov 2001 10:58:45 -0500 From: Louis LeBlanc <leblanc+freebsd@keyslapper.org> To: questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: The Stupid Virus going arround. Message-ID: <20011127155844.GD36710@keyslapper.org> In-Reply-To: <20011127144157.GA12429@rhadamanth> References: <012101c17750$94e047e0$a50410ac@olmct.net> <20011127144157.GA12429@rhadamanth>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On 11/27/01 02:41 PM, setantae sat at the `puter and typed:
> On Tue, Nov 27, 2001 at 09:34:11AM -0500, Andre` Niel Cameron wrote:
> > The next time I get this thing I am sending everyone a copy a Norton;)
> > Everyone knows someone stuck a virus on the list, most of us have Anti Virus
> > software some do not I think those who do not need to goto download.com and
> > get some as you keep sending the virus to the list. Just a thought.
>
> Did anyone knock out a procmail recipe for it yet ?
>
> If so, could you share it please ?
>
> Thanks,
>
> Ceri
This was recently shared on the procmail users list:
# Trap BadTrans? (signature as of 11/26/2001)
#
:0
* > 40000
* < 50000
* ^Subject:.*Re:
*
^Content-Type:.*multipart/related;.*"multipart/alternative";.*boundary="====_ABC1234567890DEF_===="
{
:0 B hfi
* ^Content-Type: audio/x-wav;
* ^Content-ID: <EA4DMGBP9p>
* ^Content-Transfer-Encoding: base64
| formail -Y -f -A "X-Content-Security: [$HOST] NOTIFY" \
-A "X-Content-Security: [$HOST] QUARANTINE" \
-A "X-Content-Security: [$HOST] REPORT: Trapped BadTrans worm - see http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html"
}
:0A
{ FOLDER=spam }
The first recipe will set headers to tell you that it is the worm, the
second can be used to redirect it. I'm just dumping it into a spam
folder with the other cr@p, but you may want to /dev/null or bounce
it.
The key is the Content-Type header. Apparently it always uses the same
mime types and the same boundary - with the quotes.
HTH
Lou
--
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
The goal of science is to build better mousetraps. The goal of nature
is to build better mice.
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE8A7g0eAPWYrNkRWIRAnW1AJ4hUQpssBtgfHuOTU9kgoCqRGQMvwCfaseF
p002zEOlj+2Qw85re+954gQ=
=7rRN
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011127155844.GD36710>