Re: W32(_dot_)Netsky(_dot_)Z(_at_)mm

----- Original Message ----- 
From: "Dallman Ross" <dman(_at_)nomotek(_dot_)com>
To: <procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE>
Sent: Monday, September 06, 2004 9:59 PM
Subject: Re: W32(_dot_)Netsky(_dot_)Z(_at_)mm


> On Mon, Sep 06, 2004 at 08:00:04PM +0100, Obantec Support wrote:
> > the e-mail's contain an attachment W32(_dot_)Netsky(_dot_)Z(_at_)mm in the 
> > form
Important.zm9
> > or other random .zm9 files.
> >
> > Since the message always seems to be the same would it be safe to simple
> > write a rule to drop messages with this body? if yes a little help with
the
> > rule would be nice.
> Well, sure, as long as you don't think you're going to miss anything
> coming in that's not a virus but says "Important document!"
>
>   TRASH = /var/tmp/probably_netsky
>
>   :0 B D  # case-sensitive to avoid false positives, hence the 'D' flag
>    * ()\<Important document!
>    $TRASH
>
>
> > I am looking into a virus scanner for the server and would also
appreciate a
> > little input. OS is RH6.2 (old i know but no way to upgrade at this
time.)
> Well, this is a good time to announce, then, that I updated Virus
Snaggers(tm)
> to ver. 2.1 effective yesterday.  See link in my .sig.
>
> Dallman Ross
> [ Virus Snaggers ver. 2.10 now up at <http://vsnag.spamless.us/> ]
>
>
> ____________________________________________________________
> procmail mailing list   Procmail homepage: http://www.procmail.org/
> procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
> http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
I installed latest snaggers and its working a treat :)

Thanks

Mark



____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail