procmail
[Top] [All Lists]

Re: Recipes to catch virus warning responses

2003-08-20 15:54:09
Here is a start,  and these are working. I'll be working on adding
additional rules so if anybody wants to share some more, please do. Of
course, your own filters may prevent this message from getting to you.

I'm a procmail newbie, so any pointers are welcome.


 ## for Sobig returns from AOL
    :0B:
    * AOL Postmaster
    /var/log/sobigwarnings

    ## more warnings
    :0B:
    * A Virus was found in an Email message you sent
    /var/log/sobigwarnings

    ## and more
    :0B:
    * Virus W32(_dot_)Sobig(_dot_)F(_at_)mm was found
    /var/log/sobigwarnings

    ### more
    :0B:
    * LBG Virus software on our mail server
    /var/log/sobigwarnings

   ### still mor
    :0B:
    * The E-mail containing the virus has been quarantined to prevent
further damage
    /var/log/sobigwarnings

   ## more
   :0B:
   * MailWatch has scanned your e-mail
   /var/log/sobigwarnings

   ## still yet again
   :0B:
   * A message containing a virus was sent from your e-mail address
   /var/log/sobigwarnings

   #
   :0B:
   * it contained an attachment not accepted by the e-mail system in use
   /var/log/sobigwarnings



-- 
David W. MacDougall, E-mail administrator
The Post and Courier
843.937.5655

Bart Schaefer said:
We're now /dev/null-ing our flood of Sobig.F's, but we're still
getting a lot of silly "you may be infected" auto-responses (of
course, we're not infected, the worm is forging the sender address, as
a simple rDNS on  the sending IP would demonstrate).

Does anyone happen to already have a set of recipes to catch these?
Sent by Declude, NAV for Exchange, RAV, etc. etc. ...


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail




_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>