Jerry Preeper said at one time:

> This is what I have in my rc.viruses file. Comments, easier way to do this?
>
> :0B f
> * I received your e-mail and I shall send you a reply ASAP
> * take a look at the attached zipped docs
> * zipped_files.exe
> |formail -A "X-Spam-Reject: rc.viruses - worm.explore"
>
> :0
> * ^X-Spam-Reject:
> /var/mail/spam

You might consider just filtering for 'zipped_files.exe' and
not depend on the text. I received a notice about this from CERT
and I included some text below.
Also, I am not an expert at making recipes, perhaps yours are
a shorthand, but isn't there supposed to be a '^' or some such
indicating an action following the '*'?

Enclosed CERT text:

"The ExploreZip Trojan horse has been propagated in the form of email
messages containing the file zipped_files.exe as an attachment. The
body of the email message usually appears to come from a known email
correspondent, and may contain the following text:

    I received your email and I shall send you a reply ASAP.
    Till then, take a look at the attached zipped docs.

The subject line of the message may not be predictable and may appear.."

Thanks,
--Paul T,
--
Windows98 (noun): 32 bit extensions and a graphical shell for a 16 bit
patch to an 8 bit operating system originally coded for a 4 bit
microprocessor, written by a 2 bit company, that can't stand 1 bit of
competition.
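
Added example, not part of the original thread or of either poster's rc file: a version of the recipe that keys on the attachment name alone, as suggested in the reply, with comments on what '^' does in a condition. The header text and mailbox path are reused from the quoted recipe; the name= pattern and the flag choices are assumptions of this example.

```procmail
# Each '*' line is a regular expression. By default it is tested
# against the header; the B flag tests it against the body instead.
# '^' only anchors the match to the start of a line. It is optional,
# so a condition without it matches anywhere in a line.

# Tag the message when a MIME part names the attachment. MIME part
# headers sit in the message body, hence B. The pattern matches both
# name= and filename=, with or without the quote, and the dot is
# escaped so it matches a literal '.' instead of any character.
# f = filter, h = feed only the header to formail, w = wait for it.
:0 Bfhw
* name="?zipped_files\.exe
| formail -A "X-Spam-Reject: rc.viruses - worm.explore"

# Deliver anything that now carries the tag. Here '^' matters: it
# keeps the match on a header field name at the start of a line.
# The trailing ':' asks procmail for a local lockfile on the mailbox.
:0:
* ^X-Spam-Reject:
/var/mail/spam
```

Because the body text is no longer part of the match, a change in the message wording does not affect this recipe, while a change in the attachment name does.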