Can someone give me a quick fix to block the following text in the
body of a message?
Software provide by [MATRiX] VX team:
Ultras, Mort, Nbk, LOrd DArk, Del-Armg0, Anaktos
Greetz:
All VX guy on #virus channel and Vecna
Visit us: www.coderz.net/matrix
By the way, why would that appear in the body of your mail in the
first place?
This is part of a virus/worm (w95.mtx) that's pretty rampant on our system
right now. I've found that the above text is consistent in all the
various attachments containing the virus. I've got a program set up to
respond to the person that sent the message and warn them of the virus.
Now I just need to flag the offending attachment. The previous virus/worm
I've done this for is KAK and it had a much smaller bit of code to match.
Also, this text is actually in the attachment. Does procmail match
against that? It's kind of my only chance to slow this epedimic down, as
the virus randomly picks an attachment name, size and leaves the subject
blank.
--
===============================================
Kip Turk phone: 915.234.5678
Systems Administrator or 800.695.9016
Killer of Spam/Writer of Code/Penguin Proponent
West Central Net fax: 915.656.0071
===============================================
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail