On Mon, 26 Jan 2004 23:57:08 -0500, Lyle Evans
<mlevans(_at_)blacksburg(_dot_)net>
wrote:
This is a first draft of a recipe to block the MyDoom (or SCO.A) virus
The signature I got off the net. Comments, test results or improvement
suggestion requested. I am not sure how well it works (or even if it
works).
:0 B
* > 20000
* < 36000
*^aHR0cDovL3ZpbC5uYWkuY29tL3ZpbC9jb250ZW50L3ZfMTAwOTgzLmh0bQ==
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
{
LOG='MyDoom virus detected"
:0
/var/log/virusmail
}
I am late in this thread, but 2 things I noticed.
1. LOG='MyDoom virus detected" will cause a problem.
LOG="MyDoom virus detected" is the correct syntax, at least on my
sandbox.
2. For the MyDoom, I am getting this virus signature.
UEsDBAoAAAAAA
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail