[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exim and Sircam Virus

To: <afnog at afnog.org>
Subject: Re: Exim and Sircam Virus
From: Sematimba Noah K <ksemat at wawa.eahd.or.ug>
Date: Fri, 27 Jul 2001 16:25:40 +0300 (EAT)
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: archive at [216.129.132.164]
Delivered-To: <afnog at afnog.org>
Sender: owner-afnog at uol.co.ug

Well in my procmail I use:

============== snip==============
#
# This one should help de-activate scripts included
# in email messages

:0
*^Content-type: (multipart/mixed|application/octet-stream)
{
  :0 HB
  *^Content-Disposition: attachment;
  *filename=".*\.(vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif)"
  {
    :0 fhbw
    |/usr/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'

    :0 c
    /root/mail/virusmail.procmail
  }
}
===========end snip==============

You can add as many extensions as you want. This could be put into a
system wide procmail file like /etc/procmailrc this would add a .txt
extension to all the specified scripts such that they will not execute by
default and thus you can scan them before opening them.

Noah.


-----
This is the afnog mailing list, managed by Majordomo 1.94.4

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Prev by Date: Re: Exim and Sircam Virus
Next by Date: Re: Exim and Sircam Virus
Prev by thread: Re: Exim and Sircam Virus
Next by thread: Public Alert about the Code Red worm (fwd)
Index(es):
- Date
- Thread