On Sat, May 31, 2003 at 09:11:40AM -0600, LuKreme wrote:
On Saturday, May 31, 2003, at 03:47 Canada/Mountain, Dallman Ross
wrote:
Not sure why they made it past the old virus checker that Phillip
By the way, I wrote that really fast just before being on my way out
the door, and now that I see it quoted back to me, I think I may have
caused some misreading by others. I did not mean to imply that Guenther's
code (as modified by me) failed to catch the virus. Rather, that it
*did* catch it, but that I wasn't sure why Don missed collecting for
himself a version of that old recipe, which does work. Sorry for the
confusion, and for sticking an extra L in Philip's first name. (I
blame my brother Phillip for that one.)
Guenther posted four or five years ago. I use a revised version of
it to this day, as one of my only two virus recipes.
Curious as to what the second one is? I assume that one deal with
KLEZ?
Yes, and it's been posted before also, or perfectly workable earlier
versions of it. But here it is. (Thanks, Bart! This is altered
noticably from the original, but the original idea is still at
the core.)
:0 # 030114 () Klez variants; based on original from Bart Schaefer
* > 50000
* $ $GO^0 CTYPE ?? ^^(attachment|multipart/alternative)
* $ $STOP^0 CTYPE ?? /report^^
* $ $GO^0 FROM ?? MAILER-DAEMON
* $ $GO^0 FROM ?? Lyris ListManager
{
:0 B # 030114 () if we're here, go ahead and egrep the body
* ^Content-Type:(.*\<)?(audio/x-|application)
* $ $GO^0 ()<i?frame[$WS]*src=(3d)?cid:
* $ $GO^0 ^--[^$SPACE]+$$Content-
* $ $GO^0 ^--[^$SPACE]+$--[^$SPACE]+$
{ RX = "${RX:+$RX, }VIR_02" }
--
dman
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail