From owner-freebsd-questions Thu May 4 19:55:51 2000 Delivered-To: freebsd-questions@freebsd.org Received: from yoonax.net (cmauch4.wia.com [206.159.17.195]) by hub.freebsd.org (Postfix) with ESMTP id 2D69D37B86D for ; Thu, 4 May 2000 19:55:45 -0700 (PDT) (envelope-from cpm@yoonax.net) Received: from xterm2000 (cable.yoonax.net [24.5.78.155]) by yoonax.net (8.9.3/8.9.3) with SMTP id TAA39654 for ; Thu, 4 May 2000 19:55:41 -0700 (PDT) (envelope-from cpm@yoonax.net) Reply-To: From: "Charles Mauch" To: Subject: Fix for Love Virii (sendmail) Date: Thu, 4 May 2000 19:55:51 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG We were nailed at work with the ILOVEYOU virii. This was my second round with an outbreak like this and I'd allready applied my own hacked up fix. If it comes in handy, let me know. It does cause a little extra load on sendmail, but compared to the load we would have experienced if I'd let it run rampant for the next hour it's nothing ;) Let me know if you find it handy. Apply this to your original .mc and compile it into your sendmail.cf LOCAL_RULESETS # Virus checking routine. HSubject: $>Check_Subject D{MPatLove}ILOVEYOU D{MMsgLove}This message may contain the the Love Letter virus. D{MPatPark}C:\\CoolProgs\\Pretty Park.exe D{MMsgPark}This message may contain the Pretty Park virus. SCheck_Subject R${MPatLove} $* $#error $: 553 ${MMsgLove} RRe: ${MPatLove} $* $#error $: 553 ${MMsgLove} R${MPatPark} $* $#error $: 553 ${MMsgPark} RRe: ${MPatPark} $* $#error $: 553 ${MMsgPark} Please note that between $* and $#error there *MUST* be a tab, no spaces. Charles Mauch --- Email: cpm@yoonax.net / Finger for PGP Public key PGP Fingerprint: B02C B98B 02A5 3D76 8C74 B24F 9279 337C This email was generated by a Congregation of Worried Midgets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message