On Thu, 4 May 2000, Bertil Stenstrom wrote:
Sorry to be off topic, but this is rather urgent.
Currently we have an email attack which exploits Outlooks address-book and
resends the received letter to any address resolved there. There's always
the same subject-line.
Can someone help me with a solution to block mails with a certain
subject-line in sendmail 8.9.3 ?? (RedHat 6.2) Most of our mails are
rerouted with sendmail.
For sendmail 8.9-ish, based on the Melissa virus last year, I have just
cobbled together the following, to trap the "ILOVEYOU" subject line (so we
need to be careful about our own "Subject:" when discussing this!)
HSubject: $>Check_Subject
<... you may already have Melissa lines here ...>
D{ILYPat}ILOVEYOU
D{ILYMsg}This message may contain the ILOVEYOU virus.
SCheck_Subject
<... you may already have Melissa lines here ...>
R$* ${ILYPat} $* $#error $: 553 ${ILYMsg}
I make no claims that it is anywhere near optimal, but it has trapped
about 6 messages in the last 20 minutes. (No idea how many of those were
"false positives".) Absolutely no warranties on it: own-risk etc. ...
Please feel free to improve it and/or correct it.
--
: David Lee I.T. Service :
: Systems Programmer Computer Centre :
: University of Durham :
: http://www.dur.ac.uk/~dcl0tdl South Road :
: Durham :
: Phone: +44 191 374 2882 U.K. :