Date: Sun, 22 Jul 2001 23:41:26 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Thierry Black" <thierryblack@hotmail.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: SirCam virus
Message-ID: <000001c11342$7ee09020$1401a8c0@tedm.placo.com>
In-Reply-To: <F214FSrAuWiqJmdTcjJ00003fcf@hotmail.com>

Actually this virus is an easy one to block. According to the advisory
there is always one of the following strings:

"Hi! How are you?"
"I send you this file in order to have your advice"

So all you need to do is replace the local delivery agent with Procmail and
write a procmail recipe to filter out messages containing either of those
strings.

I did a column on this a while ago; it's here:

http://www.computerbits.com/archive/1998/1000/lan9810.html

You really ought to be doing this for your spam filtering anyway.

Ted Mittelstaedt tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>Sent: Sunday, July 22, 2001 9:32 PM
>To: freebsd-questions@FreeBSD.ORG
>Subject: SirCam virus
>
>
>Hello again! My server has received copies of this "SirCam" virus notified
>at www.symantec.com. We are using sendmail, and cyrus for delivery. How can
>I put a rule to block the messages? The subject, sender, attachment name,
>and headers are all random (taken from the virus victims email). The only
>common things are in the body. The messages start with "Hi! How are you?"
>and end with "See you later. Thanks".
>
>I need to block these messages from being sent to or from our email server.
>I have heard of procmail, but I don't know how to use it with sendmail 8.9.3
>and cyrus.
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
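A recipe of the kind the reply above describes, as an added example that is not part of the original e-mail or the linked column. The mail directory, log file and quarantine mailbox names are assumptions, and matches are filed to a mailbox for review rather than discarded.

```procmail
# Added example procmailrc; MAILDIR, LOGFILE and QUARANTINE are assumed names.

# Directory that relative mailbox names below are resolved against (must exist).
MAILDIR=$HOME/Mail

# Procmail records each delivery here, so a match can be traced afterwards.
LOGFILE=$MAILDIR/procmail.log

# Hypothetical mbox file that collects suspected SirCam messages.
QUARANTINE=sircam-quarantine

# Recipe flags:
#   B          test the message body instead of the headers
#   trailing : use a local lockfile while writing to the mbox
#
# The condition is an egrep-style regular expression and is matched
# case-insensitively by default. The "|" alternation makes the recipe fire
# when either string quoted from the advisory is present. The "?" is escaped
# so it is a literal question mark and not a regex quantifier.
:0 B:
* (Hi! How are you\?|I send you this file in order to have your advice)
$QUARANTINE
```

The `B` flag matches against the body as transmitted, so text inside a base64 or quoted-printable encoded part is not seen by this condition.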