|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical procmail nimda e-mail filter
# Detect W32.nimda worm and move to /var/tmp/nimda.DATE.username
# w32.nimda.amm
#
:0 i
* ^Content-Type: multipart/related
* ^Content-Disposition: Multipart message
* ^Subject: .*Software\\Microsoft\\Windo.*$
{
:0
{ DATE_=`date "+%Y%m%d"` }
:0 B
* ^Content-Type: audio/x-wav
/var/tmp/nimda.$DATE_.$LOGNAME
}
recycled electrons from sircam...
-bryan bradsby
NOC: 512-475-2432
Texas State Government Net
--
Any technology distinguishable from magic is insufficiently advanced.
|