procmail

Re: beagle

2004-03-09 11:15:14
On Tue, 09 Mar 2004, 09:07 GMT-08 Bryan Koschmann - GKT wrote:

> Has anyone figured out a good recipe to block the bagle/beagle virus? I've
> been searching around and haven't found anything. If anyone has I would
> love to have it.

Yes, this one has blocked all of them:

http://antivirus.softlabs.info/

:-)

If you turn on EXTRACT_VIRUSES in the Configuration file, it will drop
out all the viruses. Since I have had that filter running, not a single
virus has gotten into my mailbox. Since today 00:00 server time, it has
caught 42 viruses:

# cat *procmail.log | egrep -c "^  Folder: .*\.virus"
42

# ls -l TRASH/viruses/* | grep -c 200403
42

Both these numbers are identical, which means that the virus
extraction succeeded on all of the infected mails.
Here are all the file names of the isolated viruses, along with the
directory in which they are residing, specifying its virus type:

# ls TRASH/viruses/*

The viruses include Bagle.G, Sober.D, and so on.

best,
rob.




_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
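
Added example, not part of the original message or of the filter it links to: the log-versus-quarantine count check from the message, done per day so that a day on which a mail was filed as a virus but nothing was extracted stands out. It assumes procmail's log abstract format, a virus folder whose name ends in ".virus", and extracted files named YYYYMMDD_*; the folder name, sample log and file names are constructed.

```shell
# Assumptions: log abstract lines ("From ", " Subject:", "  Folder:"), a virus
# folder name ending in ".virus", extracted files named YYYYMMDD_<anything>.
logged_per_day() {      # LOGFILE... -> "YYYYMMDD count" for virus deliveries
    awk '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    # mbox-style line: From addr Dow Mon Day Time Year
    /^From / && NF >= 7 { day = sprintf("%04d%02d%02d", $NF, mon[$(NF-3)], $(NF-2)); next }
    /^  Folder: .*\.virus/ && day != "" { n[day]++ }
    END { for (d in n) print d, n[d] }' "$@"
}

extracted_per_day() {   # QUARANTINE_DIR -> "YYYYMMDD count" of extracted files
    find "$1" -type f | sed -n 's|.*/\([0-9]\{8\}\)_[^/]*$|\1|p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

reconcile() {           # LOGFILE QUARANTINE_DIR; returns 1 if any day differs
    report=$( { logged_per_day "$1" | sed 's/^/L /'
                extracted_per_day "$2" | sed 's/^/X /'; } |
        awk '$1 == "L" { l[$2] = $3 } $1 == "X" { x[$2] = $3 } { seen[$2] = 1 }
             END { for (d in seen)
                       printf "%s logged=%d extracted=%d %s\n", d, l[d], x[d],
                              (l[d] + 0 == x[d] + 0 ? "OK" : "MISMATCH") }' | sort )
    printf '%s\n' "$report"
    case $report in *MISMATCH*) return 1 ;; esac
}

make_sample() {         # constructed sample data, not taken from the message
    s=$(mktemp -d) && mkdir -p "$s/q/EXE"
    cat > "$s/procmail.log" <<'EOF'
From a@example.com  Tue Mar  9 05:27:14 2004
 Subject: Re: document
  Folder: TRASH/mail.virus    21504
From b@example.com  Tue Mar  9 09:00:00 2004
 Subject: list traffic
  Folder: lists/procmail    2048
From c@example.com  Wed Mar 10 01:02:03 2004
 Subject: Re: details
  Folder: TRASH/mail.virus    19333
EOF
    : > "$s/q/EXE/20040309_id1_document.pif"
    echo "$s"
}

s=$(make_sample); reconcile "$s/procmail.log" "$s/q" || echo "extraction missing for the days marked MISMATCH"
```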
