Mon Sep 22 00:17:16 PDT 2003
On 22 Sep 2003 "Matthew W. Miller" <firstname.lastname@example.org> wrote:
> On Sun, Sep 21, 2003 at 07:34:36PM -0400, James Morris wrote:
> >Does anyone have a good procmail recipe for catching this one? I've
> >managed to block 26MB of it (just for my account), but can't keep up
> >with all of the variations.
This matches the start of a base64-encoded PE executable. I have no
desire to every receive them by email. Despite the varying headers,
every(?) worm to date has contained this in the body.
Also, to catch stupid bounce messages:
* Subject:.*(Thank you!|(My|Your|re:) (application|details)|That movie|Virus|delivery fail|blocked attachment|delivery notification|returned mail|Prohibited|delivery status notification|undeliver(ed|able)|wicked screensaver|re: approved|report to sender)
I then set up logrotate to roll over the log file and virus mailbox
every week or so.
An elitist receives their mail through a shell box where they can run
server-side procmail or spamassassin filtering.
More information about the linux-elitists