On Tue, 09 Mar 2004, 09:07 GMT-08 Bryan Koschmann - GKT wrote:
Has anyone figured out a good recipe to block the bagle/beagle virus? I've
been searching around and having found anything. If anyone has I would
love to have it.
yes, this one has has blocked all of them:
http://antivirus.softlabs.info/
:-)
If you turn on EXTRACT_VIRUSES in the Configuration file, it will drop
out all the viruses. Since I have that filter running, no single virus
went in my mailbox anymore. Since today 00:00 server time, it catched
42 viruses:
# cat *procmail.log | egrep -c "^ Folder: .*\.virus"
42
# ls -l TRASH/viruses/* | grep -c 200403
42
Both these numbers are identical, which means that the virus
extraction succeeded on all of the infected mails.
Here are all the file names of the isolated viruses, along with the
directory in which they are residing, specifying its virus type:
# ls TRASH/viruses/*
TRASH/viruses/EXE:
20040309_200403090527(_dot_)AAA16167(_at_)anet(_dot_)at_all_document(_dot_)pif
20040309_200403091419(_dot_)JAA19177(_at_)anet(_dot_)at_document_4351(_dot_)pif
20040309_200403090643(_dot_)BAA16384(_at_)anet(_dot_)at_friend(_dot_)pif
20040309_200403091424(_dot_)JAA19233(_at_)anet(_dot_)at_application(_dot_)pif
20040309_200403090656(_dot_)BAA16497(_at_)anet(_dot_)at_your_product(_dot_)pif
20040309_200403091434(_dot_)JAA19295(_at_)anet(_dot_)at_your_document(_dot_)pif
20040309_200403090708(_dot_)CAA16609(_at_)anet(_dot_)at_your_picture(_dot_)pif
20040309_200403091503(_dot_)KAA19530(_at_)anet(_dot_)at_mails(_dot_)htm(_dot_)com
20040309_200403090737(_dot_)CAA16731(_at_)anet(_dot_)at_all_document(_dot_)pif
20040309_200403091504(_dot_)KAA19548(_at_)anet(_dot_)at_document_excel(_dot_)pif
20040309_200403090753(_dot_)CAA16845(_at_)anet(_dot_)at_ps(_dot_)com
20040309_200403091534(_dot_)KAA19823(_at_)anet(_dot_)at_document_full(_dot_)pif
20040309_200403090815(_dot_)DAA16972(_at_)anet(_dot_)at_your_product(_dot_)pif
20040309_200403091535(_dot_)KAA19855(_at_)anet(_dot_)at_my_details(_dot_)pif
20040309_200403090841(_dot_)DAA17157(_at_)anet(_dot_)at_all_document(_dot_)pif
20040309_200403091539(_dot_)KAA19881(_at_)anet(_dot_)at_your_document(_dot_)pif
20040309_200403090951(_dot_)EAA17698(_at_)anet(_dot_)at_your_document(_dot_)pif
20040309_200403091600(_dot_)LAA20031(_at_)anet(_dot_)at_mail2(_dot_)pif
20040309_200403090956(_dot_)EAA17737(_at_)anet(_dot_)at_message_part2(_dot_)pif
20040309_200403091603(_dot_)LAA20079(_at_)anet(_dot_)at_document_full(_dot_)pif
20040309_200403091022(_dot_)FAA17935(_at_)anet(_dot_)at_jokes(_dot_)rtf(_dot_)pif
20040309_200403091610(_dot_)LAA20118(_at_)anet(_dot_)at_document_excel(_dot_)pif
20040309_200403091141(_dot_)GAA18417(_at_)anet(_dot_)at_all_document(_dot_)pif
20040309_200403091650(_dot_)LAA20306(_at_)anet(_dot_)at_your_document(_dot_)pif
20040309_200403091146(_dot_)GAA18443(_at_)anet(_dot_)at_my_details(_dot_)pif
20040309_200403091709(_dot_)MAA20420(_at_)anet(_dot_)at_your_document(_dot_)pif
20040309_200403091243(_dot_)HAA18624(_at_)anet(_dot_)at_document_word(_dot_)pif
20040309_200403091724(_dot_)MAA20486(_at_)anet(_dot_)at_your_bill(_dot_)pif
20040309_200403091306(_dot_)IAA18781(_at_)anet(_dot_)at_mp3music(_dot_)pif
20040309_200403091736(_dot_)MAA20570(_at_)anet(_dot_)at_your_product(_dot_)pif
20040309_200403091311(_dot_)IAA18813(_at_)anet(_dot_)at_object(_dot_)txt(_dot_)com
20040309_200403091749(_dot_)MAA20623(_at_)anet(_dot_)at_application(_dot_)pif
20040309_200403091326(_dot_)IAA18862(_at_)anet(_dot_)at_description(_dot_)com
20040309_200403091756(_dot_)MAA20670(_at_)anet(_dot_)at_yours(_dot_)pif
20040309_200403091335(_dot_)IAA18896(_at_)anet(_dot_)at_your_letter(_dot_)pif
20040309_eqbwnngcgwpamcdrwqs(_at_)anet(_dot_)at_Attach(_dot_)pif
20040309_200403091401(_dot_)JAA19067(_at_)anet(_dot_)at_your_text(_dot_)pif
TRASH/viruses/EZIP:
20040309_esjhmocisvnbfqexibt(_at_)anet(_dot_)at_TextFile(_dot_)zip
TRASH/viruses/ZIP:
20040309_200403090817(_dot_)DAA16995(_at_)anet(_dot_)at_found(_dot_)zip
20040309_200403091449(_dot_)JAA19414(_at_)anet(_dot_)at_document(_dot_)zip
20040309_200403090818(_dot_)DAA17029(_at_)anet(_dot_)at_your_details(_dot_)zip
20040309_200403091639(_dot_)LAA20251(_at_)anet(_dot_)at_attachment(_dot_)zip
20040309_200403091138(_dot_)GAA18361(_at_)anet(_dot_)at_location(_dot_)zip
The viruses include Bagle.G, Sober.D and so on
best,
rob.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail