procmail

Re: Happy99.exe virus/worm filter for mail server gateways

1999-03-06 19:23:43
A few moments ago I sent an email to michaelr(_at_)shadowstorm(_dot_)com with some
questions concerning this procmailrc. The odd thing is that I receive the
/var/log/happy99.message back stating I was infected.... I am not
infected.. therefore is this proc really doing the trick?  I know I am not
infected since my anti-virus is up-to-date and also that I am running an
Apple Macintosh, not a PC. The happy99 virus is PC based.

I was thrilled to see this proc'rc, but now - before I place it into my
system - I question its ability?  Anyone have any suggestions of what may
have happened to trigger it?

I would want to install this and then cause panic among my users simply due
to it notifying everyone that they are infected.

***** At 11:28 AM -0700 3/5/99, Michael Rawls wrote: *****


Hello All,
  There is currently a new virus/worm on the Internet that infects a
user's computer by propagating itself across the Internet via email without
the owner of the infected computer's knowledge.  Details of the virus/worm
can be found at:

http://www.avertlabs.com/public/datafiles/valerts/vinfo/w32ska.asp

 I have created a mail gateway procmail filter for Unix/Linux machines
that will automatically detect the incoming virus/worm, redirect it from
the user's mailbox, store it for safe viewing by the mail server system
administrator in /var/log/happy99.virus, and it will notify the sender of
the infected email that his computer is infected.  The filter has been

<-- BLAH BLAH BLAH -->

This is the original email I had sent that triggered the Infection reply
========
Thank you for the proc filter for the happy99.exe

I set it up as you specified, after one of our users' systems became infected.

I would like to test this before notifying my users that they may send email
for testing.

Currently I have in the /etc/ directory

.forward file containing

|/usr/bin/procmail

and a .procmailrc file containing

* procmail filter went here *


Should this work as is?

If I encode -anything- into uu format and name it happy99.exe   - will this
also trigger it?  Thanks for the info

<-- End Original Email -->


Any Suggestion?

        - The most powerful Internet Provider available without a prescription!

http://www.ihs2000.com
mailto:hensj(_at_)ihs2000(_dot_)com

Henry Smith


System Administrator
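
Added example, not part of the original post and not the filter it discusses (the recipe itself is not shown on this page): a sketch of how a rule that matches the string happy99.exe anywhere in a message would flag a plain-text question like the one above, next to a rule that fires only on an attached file of that name. The assumption that the filter matched on body text, the function names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string

# Assumed weak rule: the filename anywhere in the raw message.
NAIVE = re.compile(r"happy99\.exe", re.I)
# Tighter rule: a uuencode header line, "begin <mode> <name>", at line start.
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} happy99\.exe\s*$", re.I | re.M)

def naive_match(raw):
    return bool(NAIVE.search(raw))

def attachment_match(raw):
    """True only if a file named happy99.exe is actually attached."""
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # MIME filename= / name= parameter
        if name and name.lower() == "happy99.exe":
            return True
        body = part.get_payload()   # str for leaf parts, list for multipart
        if isinstance(body, str) and UU_BEGIN.search(body):
            return True
    return False

# Constructed sample messages (example.org addresses are placeholders).
QUESTION = (
    "From: admin@example.org\nTo: author@example.org\nSubject: filter\n\n"
    "Thank you for the proc filter for the happy99.exe\n"
    "If I encode anything and name it happy99.exe will this trigger it?\n"
)
UU_MAIL = (
    "From: user@example.org\nSubject: test\n\n"
    "begin 644 happy99.exe\n#0V%T\n`\nend\n"
)
MIME_MAIL = (
    "From: user@example.org\nMIME-Version: 1.0\n"
    'Content-Type: application/octet-stream; name="Happy99.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="Happy99.exe"\n\nTVo=\n'
)

if __name__ == "__main__":
    for label, raw in (("question", QUESTION), ("uuencoded", UU_MAIL),
                       ("mime", MIME_MAIL)):
        print(label, naive_match(raw), attachment_match(raw))
```

Both rules key on the file name only, so any file named happy99.exe, whatever its contents, still matches the tighter rule, as does text that quotes a `begin` line at the start of a line.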