On Mon, 6 Sep 2004, Dallman Ross wrote:
On Mon, Sep 06, 2004 at 08:00:04PM +0100, Obantec Support wrote:
the e-mail's contain an attachment W32(_dot_)Netsky(_dot_)Z(_at_)mm in the
form Important.zm9
or other random .zm9 files.
Since the message always seems to be the same would it be safe to simple
write a rule to drop messages with this body? if yes a little help with the
rule would be nice.
Well, sure, as long as you don't think you're going to miss anything
coming in that's not a virus but says "Important document!"
TRASH = /var/tmp/probably_netsky
:0 B D # case-sensitive to avoid false positives, hence the 'D' flag
* ()\<Important document!
$TRASH
It will be more save to say:
:0 B D
* -3^0
* 2^0 ()\<Important document!
* 2^0 ()\.zm9\>
$TRASH
That means only "Important document!" _AND_ "zm9" files
Bye,
Udi
I am looking into a virus scanner for the server and would also appreciate a
little input. OS is RH6.2 (old i know but no way to upgrade at this time.)
Well, this is a good time to announce, then, that I updated Virus Snaggers(tm)
to ver. 2.1 effective yesterday. See link in my .sig.
Dallman Ross
[ Virus Snaggers ver. 2.10 now up at <http://vsnag.spamless.us/> ]
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
+++++++++++++++++++++++++++++++++++++++++++
This Mail Was Scanned By Mail-seCure System
at the Tel-Aviv University CC.
---------------------------------------------------------------------------
Udi Motelo - Unix System Administrator.
Faculty of Engineering - Tel-Aviv University
E-Mail: uuddii(_at_)eng(_dot_)tau(_dot_)ac(_dot_)il Phone: +972-3-6408958
---------------------------------------------------------------------------
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail