North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: other virus damages/costs.....(hello skynet.be ?)

  • From: Todd Vierling
  • Date: Mon Feb 02 13:45:47 2004

On Mon, 2 Feb 2004, Randy Bush wrote:

: # MyDoom craziness
: :
: * ^Subject:.*(\

Actually, Mydoom has a very detectable signature.  It has both X-Priority
and X-MSMail-Priority headers, but *neither* a X-Mailer nor X-MimeOLE
header.

These conditions make, for instance, SpamAssassin catch the worm easily.
Based on all the available mailboxes I can scan from here, such a check
should kill only Mydoom [and some spam].

Rolled that into a milter, and poof!

-- 
-- Todd Vierling <[email protected]> <[email protected]>