procmail

Re: virus recipe for MyDoom

2004-01-28 06:41:40
Hi Scott,

I'm not sure if you can range for size in procmail but still no
false positives and Nikant and Dallman have built some recipes as
well that will be worth looking at...

Robin
On Tue, Jan 27, 2004 at 11:15:44AM -0600, scott.list wrote:
Robin:

<snip>


Thanks Robin,

I have been using Dallman's for some time now.  I have no problem
tossing the .scr,.pif's, etc, but as everyone knows .zips are more
likely to have "good" messages.  I didn't want to add zip to the bad
extensions but to stem the tidal wave of this virus I did add a recipe
to catch a subset of zips and hopefully all the zipped viruses.  This
at least cuts down on false positives.

So I use:

:0 B
* > 30000
* < 34000
* ^.*name=.*\.zip
/home/mail/virus

Then Dallman's...



_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
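
The recipe quoted in the message above, emulated in Python so its hits and false positives can be checked offline. This is an added example, not code from the thread or from procmail; `build_message`, the example.org addresses and the stricter MIME-filename check are assumptions made for illustration, and all sample messages are constructed.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Size window from the recipe in the thread: "* > 30000" and "* < 34000".
# procmail size conditions measure the whole mail, headers included.
MIN_SIZE, MAX_SIZE = 30000, 34000

# Same pattern the recipe applies to the body; procmail matches
# case-insensitively by default, hence re.IGNORECASE.
NAME_ZIP = re.compile(rb"^.*name=.*\.zip", re.IGNORECASE | re.MULTILINE)


def recipe_matches(raw: bytes) -> bool:
    """Emulate the posted recipe: size window AND name=...zip in the body."""
    _head, _sep, body = raw.partition(b"\n\n")
    return MIN_SIZE < len(raw) < MAX_SIZE and bool(NAME_ZIP.search(body))


def zip_attachment_names(raw: bytes) -> list:
    """Stricter variant (assumption): only real MIME part filenames count."""
    msg = message_from_bytes(raw)
    return [part.get_filename() for part in msg.walk()
            if (part.get_filename() or "").lower().endswith(".zip")]


def build_message(payload_len: int, filename: str,
                  text: str = "see attached") -> bytes:
    """Construct a sample mail with one attachment of payload_len bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"      # constructed address
    msg["To"] = "rcpt@example.org"          # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content(text)
    msg.add_attachment(b"\0" * payload_len, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        "zip in size window": build_message(23000, "document.zip"),
        "small zip": build_message(1000, "document.zip"),
        "pdf, body text mentions a zip": build_message(
            23000, "report.pdf", text="set name=backup.zip in the config"),
    }
    for label, raw in samples.items():
        print(label, len(raw), recipe_matches(raw), zip_attachment_names(raw))
```

The third sample shows why the body regex alone can misfile mail: any body line containing `name=` followed by `.zip` satisfies it, whether or not a zip is attached.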
