A few moments ago I sent an email to michaelr(_at_)shadowstorm(_dot_)com with
some questions concerning this procmailrc. The odd thing is that I received the
/var/log/happy99.message back stating I was infected... I am not
infected, therefore is this proc really doing the trick? I know I am not
infected since my anti-virus is up-to-date and also since I am running an
Apple Macintosh, not a PC. The happy99 virus is PC based.
I was thrilled to see this proc'rc, but now - before I place it into my
system - I question its ability. Anyone have any suggestions of what may
have happened to trigger it?
I would want to install this and then cause panic among my users simply due
to it notifying everyone that they are infected.
***** At 11:28 AM -0700 3/5/99, Michael Rawls wrote: *****
Hello All,
There is currently a new virus/worm on the Internet that infects a
user's computer by propagating itself across the Internet via email without
the knowledge of the infected computer's owner. Details of the virus/worm
can be found at:
http://www.avertlabs.com/public/datafiles/valerts/vinfo/w32ska.asp
I have created a mail gateway procmail filter for Unix/Linux machines
that will automatically detect the incoming virus/worm, redirect it from
the user's mailbox, store it for safe viewing by the mail server system
administrator in /var/log/happy99.virus, and it will notify the sender of
the infected email that his computer is infected. The filter has been
<-- BLAH BLAH BLAH -->
This is the original email I had sent that triggered the Infection reply
========
Thank you for the proc filter for the happy99.exe
I set it up as you specified, after one of our users' systems became infected.
I would like to test this before notifying my users that they may send email
for testing.
Currently I have in the /etc/ directory
.forward file containing
|/usr/bin/procmail
and a .procmailrc file containing
* procmail filter went here *
Should this work as is?
If I encode -anything- into uu format and name it happy99.exe - will this
also trigger it? Thanks for the info
<-- End Original Email -->
Any Suggestion?
- The most powerful Internet Provider available without a prescription!
http://www.ihs2000.com
mailto:hensj(_at_)ihs2000(_dot_)com
Henry Smith
System Administrator
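
Added example, not part of the original post and not the filter it discusses: assuming the recipe fires whenever the string happy99.exe appears anywhere in a message, a plain-text question that merely mentions the file name matches just as an infected mail would. The code contrasts that assumed rule with a check that looks only at declared attachment names (a MIME filename or a uuencode "begin" line); the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

TARGET = "happy99.exe"  # attachment name mentioned in the post

# uuencode header line: "begin <octal mode> <filename>" at the start of a line
UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (\S+)\s*$", re.MULTILINE)

def naive_match(raw):
    """Assumed over-broad rule: the name appears anywhere in the message."""
    return TARGET in raw.lower()

def attachment_names(raw):
    """Names declared by MIME parts or by uuencode 'begin' lines."""
    names = []
    for part in message_from_string(raw).walk():
        fname = part.get_filename()      # Content-Disposition / name= parameter
        if fname:
            names.append(fname.lower())
        if not part.is_multipart():      # leaf part: scan text for uuencode headers
            names += [n.lower() for n in UU_BEGIN.findall(part.get_payload())]
    return names

def structural_match(raw):
    """Fires only when something is actually attached under the target name."""
    return TARGET in attachment_names(raw)

# Constructed sample: a plain-text question that only mentions the file name.
QUESTION = (
    "From: admin@example.org\n"
    "Subject: question about the filter\n"
    "\n"
    "If I encode anything into uu format and name it happy99.exe,\n"
    "will this also trigger it?\n"
)

# Constructed sample: harmless three-byte payload uuencoded under that name.
UU_ATTACHED = (
    "From: user@example.org\n"
    "Subject: test\n"
    "\n"
    "begin 644 Happy99.EXE\n"
    "#0V%T\n"
    "`\n"
    "end\n"
)

if __name__ == "__main__":
    for label, raw in (("question", QUESTION), ("uu attachment", UU_ATTACHED)):
        print(label, "naive:", naive_match(raw), "structural:", structural_match(raw))
```

The structural check still inspects only the declared name, so any content uuencoded as happy99.exe matches it; telling the real worm from a renamed test file would need a content signature.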