----- Original Message -----
From: "Dallman Ross" <dman(_at_)nomotek(_dot_)com>
To: <procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE>
Sent: Monday, September 06, 2004 9:59 PM
Subject: Re: W32(_dot_)Netsky(_dot_)Z(_at_)mm
On Mon, Sep 06, 2004 at 08:00:04PM +0100, Obantec Support wrote:
the e-mail's contain an attachment W32(_dot_)Netsky(_dot_)Z(_at_)mm in the
form
Important.zm9
or other random .zm9 files.
Since the message always seems to be the same would it be safe to simple
write a rule to drop messages with this body? if yes a little help with
the
rule would be nice.
Well, sure, as long as you don't think you're going to miss anything
coming in that's not a virus but says "Important document!"
TRASH = /var/tmp/probably_netsky
:0 B D # case-sensitive to avoid false positives, hence the 'D' flag
* ()\<Important document!
$TRASH
I am looking into a virus scanner for the server and would also
appreciate a
little input. OS is RH6.2 (old i know but no way to upgrade at this
time.)
Well, this is a good time to announce, then, that I updated Virus
Snaggers(tm)
to ver. 2.1 effective yesterday. See link in my .sig.
Dallman Ross
[ Virus Snaggers ver. 2.10 now up at <http://vsnag.spamless.us/> ]
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
I installed latest snaggers and its working a treat :)
Thanks
Mark
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail