[linux-elitists] sobig.f: Microsoft Windows virus, not computer virus

M. Drew Streib dtype@dtype.org
Sat Aug 23 12:05:45 PDT 2003


On Sat, Aug 23, 2003 at 11:58:56AM -0700, Aaron Lehmann wrote:
> Got a simple pattern to stop these, like a procmail rule? My account
> is getting 200MB (2000) of them a day. Spamassassin has been filing
> them away into the suspected spam folder, but they're taking up a lot
> of diskspace and spamassassin time.

Exim filter rules follow. See the exim filter specification for how
to enable these (very very easy).

These could also be put in one regexp very easily. I just filter on 
the known filenames for sobig.f.

===============

# Exim filter

if $message_body matches name=\\"your_details\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"document_9446\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"thank_you\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"wicked_scr\\.scr\\"
then
	seen finish
endif

if $message_body matches name=\\"application\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"your_details\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"your_document\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"details\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"movie0045\\.pif\\"
then
	seen finish
endif

if $message_body matches name=\\"document_all\\.pif\\"
then
	seen finish
endif

===============

> I'd also like to stop the bounces, but that's a tougher problem :/

I'm actually temporarily bitbucketing all mail coming from mailer-daemons.
I know it isn't right, but until this worm subsides, I'm not reading them
anyway.

-drew

-- 
M. Drew Streib <dtype@dtype.org>
Independent Rambler, Software/Standards/Freedom/Law -- http://dtype.org/
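
An added example, not part of the original post and not Exim syntax: the per-file rules above collapsed into one regular expression, checked in Python against a constructed message. It goes one step beyond the post by also comparing parsed MIME attachment names, which catches an unquoted `name=` parameter that the raw pattern misses; `matches_raw`, `matches_parsed` and the sample messages are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Attachment names copied from the filter rules in the post.
SOBIG_F_NAMES = [
    "your_details.pif", "document_9446.pif", "thank_you.pif",
    "wicked_scr.scr", "application.pif", "your_document.pif",
    "details.pif", "movie0045.pif", "document_all.pif",
]
KNOWN = {n.lower() for n in SOBIG_F_NAMES}

# All names as one alternation on the quoted name= parameter,
# the same thing each individual rule matches on.
COMBINED = re.compile(
    r'name="(?:' + "|".join(re.escape(n) for n in SOBIG_F_NAMES) + r')"',
    re.IGNORECASE,
)

def matches_raw(raw_message):
    """Single-regexp check over the raw message text."""
    return COMBINED.search(raw_message) is not None

def matches_parsed(raw_message):
    """Parse the MIME structure and compare each part's attachment name."""
    msg = message_from_string(raw_message)
    return any((part.get_filename() or "").lower() in KNOWN for part in msg.walk())

# Constructed sample message (not a captured one); the payload is a dummy string.
SAMPLE = (
    "From: sender@example.invalid\n"
    "Subject: Re: Details\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "See the attached file for details\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="your_details.pif"\n'
    'Content-Disposition: attachment; filename="your_details.pif"\n'
    "\n"
    "AAAA\n"
    "--b1--\n"
)
UNQUOTED = SAMPLE.replace('"your_details.pif"', "details.pif")  # name=details.pif
BENIGN = SAMPLE.replace("your_details.pif", "notes.txt")

if __name__ == "__main__":
    for label, m in (("sample", SAMPLE), ("unquoted", UNQUOTED), ("benign", BENIGN)):
        print(label, matches_raw(m), matches_parsed(m))
```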