procmail

Sircam virus answer

2001-07-25 16:17:02
What code is needed for this?



----- Original Message -----
From: "Peter Krawczyk" <petek(_at_)mc(_dot_)net>
To: <incidents(_at_)securityfocus(_dot_)com>
Sent: Wednesday, July 25, 2001 11:49 AM
Subject: Tracking SirCam


Trying to track the SirCam virus without looking at the body of the
message, we've found a way to track it via headers.

In the header of the message, everything looks dynamic, and so tracking it
seems to be hard.  However, there is a slip -- the Date: header actually
appears as 'date:'.

A cursory examination of thousands of emails from mailing lists, private
sources, and other sources shows that the only messages using the lower
case 'date:' for the header are sent by the SirCam virus.

This may help those of you who want to filter on headers and not on
message body.

-Pete K
--
Pete Krawczyk <petek(_at_)mc(_dot_)net>
  Senior System Administrator
  mc.net <http://www.mc.net/>
  (847) 594-5111



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
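
A check for the header slip described in the quoted message, as an added example that is not part of the original thread: it reads the raw header block and compares the field name byte for byte, because Python's email module looks header names up case-insensitively and procmail conditions ignore case unless the recipe carries the D flag. The function names and the sample messages are constructed for illustration.

```python
import re

# A header field name at the start of a line, followed by a colon.
# Printable ASCII except ':' and space, as in RFC 5322 field names.
FIELD_RE = re.compile(rb"^([!-9;-~]+)[ \t]*:")

def field_names(raw):
    """Return header field names exactly as spelled in the raw message."""
    raw = raw.replace(b"\r\n", b"\n")
    head, _, _ = raw.partition(b"\n\n")   # headers end at the first blank line
    names = []
    for line in head.split(b"\n"):
        if line[:1] in (b" ", b"\t"):     # folded continuation, not a new field
            continue
        m = FIELD_RE.match(line)
        if m:
            names.append(m.group(1))
    return names

def has_lowercase_date(raw):
    """True if a header field is spelled exactly 'date' (all lower case)."""
    return b"date" in field_names(raw)

# Constructed sample messages (not real traffic).
STAMP = b"Wed, 25 Jul 2001 11:49:00 -0500"
SAMPLES = {
    # Ordinary capitalisation: must not be flagged.
    "normal": b"From: a@example.com\r\nDate: " + STAMP
              + b"\r\nSubject: status\r\n\r\nbody text\r\n",
    # The slip described in the message: lower-case field name.
    "lowercase": b"From: b@example.com\r\ndate: " + STAMP
                 + b"\r\nSubject: report\r\n\r\nbody text\r\n",
    # 'date:' appears only in the body, after the blank line.
    "body_only": b"From: c@example.com\r\nDate: " + STAMP
                 + b"\r\n\r\ndate: tomorrow at noon\r\n",
    # 'date:' appears only inside a folded Subject continuation line.
    "folded": b"From: d@example.com\r\nDate: " + STAMP
              + b"\r\nSubject: meeting\r\n\tdate: Friday\r\n\r\nbody\r\n",
}

def classify(samples):
    """Map each sample name to whether it carries the lower-case header."""
    return {name: has_lowercase_date(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:10s} {'FLAG' if hit else 'ok'}")
```
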
