North American Network Operators Group

Re: Nothing like viruses with bugs in them (Swen)

  • From: Brian Bruns
  • Date: Fri Sep 19 12:43:05 2003

These are exim filters which catch the damn thing when the antivirus
software misses it.  Hopefully it might be useful.  It was taken from
http://pkierski.republika.pl/filtry.shtml.


########
# Swen #
########

if $h_content-type matches "multipart/mixed; boundary=.[a-z]{6}" and
   $message_body matches "September 200[23], Cumulative Patch"
then
   logfile $home/filter.log 0644
   logwrite "$tod_log - filter: *** Swen.1 *** - sender: $sender_address - subj$
   seen finish
endif


########
# Swen #
########

if $h_content-type contains "multipart/alternative;" and
   $h_content-type matches "boundary=.[a-z]{6}" and
   $message_body matches "iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe"
then
   logfile $home/filter.log 0644
   logwrite "$tod_log - filter: *** Swen.2 *** - sender: $sender_address - subj$
   seen finish
endif

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message ----- 
From: "Mark Radabaugh" <[email protected]>
To: <[email protected]>
Sent: Friday, September 19, 2003 12:03 PM
Subject: Nothing like viruses with bugs in them (Swen)


>
> Seems like this virus/worm has a bug where it will occasionally send out 1
> byte attachments rather than the correct worm payload.   Since the virus is
> not truly attached it tends to pass through e-mail virus scanners.
>
> It's causing a fair amount of end user confusion today -- lots of 'why is
> your/my virus scanner not working?' questions.
>
> Mark Radabaugh
> Amplex
> (419) 720-3635
>
>
>
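
The two filter rules in the message above, re-expressed as a Python check run over constructed sample messages; this is an added example and not part of the original post. The `classify` function and the samples are hypothetical, and it assumes Exim's lower-case `matches`/`contains` ignore case and that `$message_body` is the undecoded body with newlines turned into spaces.

```python
import re
from email import message_from_string

# Exim's lower-case "matches"/"contains" ignore case, hence re.I and .lower().
BOUNDARY = re.compile(r"boundary=.[a-z]{6}", re.I)
SWEN1_CT = re.compile(r"multipart/mixed; boundary=.[a-z]{6}", re.I)
SWEN1_BODY = re.compile(r"September 200[23], Cumulative Patch", re.I)
# Matched on the undecoded body, so "=3D" is quoted-printable for "=".
SWEN2_BODY = re.compile(
    r"iframe src=3D.cid:.*height=3D0.* width=3D0.*/iframe", re.I)

def classify(raw):
    """Return 'Swen.1', 'Swen.2' or None for one raw message."""
    ctype = message_from_string(raw).get("Content-Type", "")
    # Assumption: mimic $message_body (raw body, newlines become spaces);
    # Exim's message_body_visible length limit is not modelled here.
    body = raw.partition("\n\n")[2].replace("\n", " ")
    if SWEN1_CT.search(ctype) and SWEN1_BODY.search(body):
        return "Swen.1"
    if ("multipart/alternative;" in ctype.lower()
            and BOUNDARY.search(ctype) and SWEN2_BODY.search(body)):
        return "Swen.2"
    return None

# Constructed sample messages (not captured traffic).
SAMPLE_SWEN1 = (
    'Subject: sample one\n'
    'Content-Type: multipart/mixed; boundary="abcdef"\n\n'
    '--abcdef\n\nthis is the September 2003, Cumulative Patch\n--abcdef--\n')
SAMPLE_SWEN2 = (
    'Subject: sample two\n'
    'Content-Type: multipart/alternative; boundary="qwerty"\n\n'
    '--qwerty\n\n<iframe src=3D"cid:x1" height=3D0\nwidth=3D0>\n</iframe>\n')
# Same body text as sample one, but the boundary does not fit the pattern.
SAMPLE_BENIGN = (
    'Subject: sample three\n'
    'Content-Type: multipart/mixed; boundary="----=_Part_01"\n\n'
    '------=_Part_01\n\nNotes on the September 2003, Cumulative Patch\n')

if __name__ == "__main__":
    for name in ("SAMPLE_SWEN1", "SAMPLE_SWEN2", "SAMPLE_BENIGN"):
        print(name, "->", classify(globals()[name]))
```

The third sample shows that each rule needs both the boundary shape and the body text to fire, which is what keeps ordinary mail discussing the patch out of the log.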