procmail
[Top] [All Lists]

Re: virus recipe for MyDoom

2004-01-27 05:41:40
On 27 Jan 2004 Dallman Ross (dman(_at_)nomotek(_dot_)com) wrote:
If someone using Virus Snaggers can state definitively
that it continues to work on new viruses, that would be
helpful.

I just added zip, bat, and cmd to NASTEXT and am now catching a
ton of .zip infested messages that I wasn't before. Here's the
scoop: According to this site:

 <http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100983>

The extensions are pif, exe, scr, zip, bat, cmd.

Here's what my old NASTYEXT was:

 NASTYEXT = "${NASTYEXT:-(exe|hta|pif|scr|shs|vb[se]|ws[fh]|(doc|txt|xls)\.)}"

And here it is revised:

 NASTYEXT = 
"${NASTYEXT:-(exe|zip|bat|cmd|hta|pif|scr|shs|vb[se]|ws[fh]|(doc|txt|xls)\.)}"

I quarantine the entire messages so I'm watching them and making
sure I don't catch any good mail, especially since some of this
filtering is for other people.

I'll update my Procmail Quick Start so there's a blurb about
this. And I'll blog about it too! (but hardly anyone reads my
blog...)

Thanks,
Nancy

-- 
Nancy McGough
Infinite Ink ~ <http://www.ii.com>
Deflexion & Reflexion (my atom-enabled blog) ~ <http://deflexion.com>

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail