At 18:35 2001-07-31 -0500, Gregory Berardi wrote:
> Does anyone have a way to stop the magistr virus?
Doesn't sound a bell. Let's assume that it is an email-borne
worm/trojan/virus -- if it isn't, then this certainly isn't the list to
inquire about it on.
I'd start by reading CERT and McAfee, etc., virus bulletins about it, to
determine the nature of distribution and possible mutation. Then, if
you've actually received one or more copies of it, examine the message and
headers.
Does it mutate the filename, or is it always the same? Are there static
components in the message body or subject?
Whatever you do, DO NOT post the attachment itself to this list -
partial headers and text excerpts from the message body are one thing, but
the full message isn't cool.
There have been a number of messages about SirCam, and other generic
executable attachment filters posted in the past weeks, as well as numerous
links to the Sanitizer - you should check them and see how to adapt them
to this Magistr virus. If you check the URL in my .sig, you'll get
information on how to set up a testbed configuration to properly test your
recipes against a saved copy of the virus email(s), to see if it
effectively isolates it. You should also consider throwing a saved copy of
your regular mailbox folders at the recipe to see whether it gets false
positives.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
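
The testbed check described in the message above, as an added example that is not part of the original post: a Python stand-in for a generic executable-attachment rule (not a procmail recipe and not a Magistr signature), run over saved samples and over regular mail to count misses and false positives. The extension list, addresses, filenames and all messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed rule: flag any MIME part whose filename ends in an executable
# extension. This is a generic attachment filter, not a virus signature.
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|vbs)$", re.IGNORECASE)

def attachment_names(raw):
    """Return the filenames of all MIME parts in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def is_flagged(raw):
    """True if any attachment filename matches the rule (body text is ignored)."""
    return any(EXECUTABLE.search(name) for name in attachment_names(raw))

def evaluate(saved_samples, regular_mail):
    """Run the rule over both corpora; report misses and false positives by index."""
    missed = [i for i, m in enumerate(saved_samples) if not is_flagged(m)]
    false_pos = [i for i, m in enumerate(regular_mail) if is_flagged(m)]
    return {"missed": missed, "false_positives": false_pos}

def build(subject, filename=None, body="see attached"):
    """Construct a test message, optionally with a placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed stand-ins for saved copies: the filename differs per copy.
SAVED_SAMPLES = [build("hello", "NOTES.EXE"), build("re: doc", "readme.txt.pif"),
                 build("fwd", "Photo.Scr")]

# Constructed stand-ins for a regular mailbox folder.
REGULAR_MAIL = [
    build("minutes", "minutes.pdf"),
    build("install help", body="Just run setup.exe from the CD."),  # text only
    build("new build", "setup.exe"),  # legitimate executable from a colleague
]

if __name__ == "__main__":
    print(evaluate(SAVED_SAMPLES, REGULAR_MAIL))
```

The regular-mail run is what exposes the cost of the rule: the legitimate `setup.exe` attachment is flagged, while the message that only mentions the name in its body is not.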