Firewall Wizards mailing list archives

Re: Botnets, IRC servers and firewalls?


From: Barney Wolff <barney () databus com>
Date: Mon, 2 Feb 2004 18:36:00 -0500

On Mon, Feb 02, 2004 at 05:02:58PM -0500, Paul Robertson wrote:

> ($deity knows we've got too many content filters and AV bouncers- I'm
> about to start collecting regexps for those to add to my block lists.)

I saw the following procmail recipe on nanog.  Haven't tried it yet,
but the poster is fairly reliable :)

From: Randy Bush <randy () psg com>

# MyDoom craziness
:0
* ^Subject:.*(\
\{Spam\?\} Warning: E-mail viruses detected|\
Anti-Virus Notification|\
BANNED FILENAME|\
Disallowed attachment type found in sent message|\
File blocked - ScanMail for Lotus|\
InterScan NT Alert|\
Message deleted|\
NAV detected a virus|\
Norton AntiVirus detected|\
RAV AntiVirus scan|\
Returned due to virus|\
Skynet Mail Protection|\
Symantec AntiVirus|\
Undeliverable: test|\
VIRUS \(.*\) IN MAIL FROM YOU|\
VIRUS \(.*\) IN MAIL TO YOU|\
VIRUS IN YOUR MAIL|\
Virus Detected by Network Assoc|\
Virus Notification|\
Virus found in a message you sent|\
Virus found in sent message\
)
$TRASH

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
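
Added example (not part of the original post or of the quoted NANOG recipe): a Python harness that applies the recipe's Subject pattern to constructed sample messages, so the match set can be checked before anything is routed to $TRASH. It assumes procmail's default behaviour of matching headers only, ignoring case, and joining folded header lines. The names ALTERNATIVES, unfold, matched_alternative and SAMPLES are hypothetical.

```python
import re

# Alternatives copied from the recipe's Subject condition in the post.
ALTERNATIVES = [
    r"\{Spam\?\} Warning: E-mail viruses detected", r"Anti-Virus Notification",
    r"BANNED FILENAME", r"Disallowed attachment type found in sent message",
    r"File blocked - ScanMail for Lotus", r"InterScan NT Alert",
    r"Message deleted", r"NAV detected a virus", r"Norton AntiVirus detected",
    r"RAV AntiVirus scan", r"Returned due to virus", r"Skynet Mail Protection",
    r"Symantec AntiVirus", r"Undeliverable: test",
    r"VIRUS \(.*\) IN MAIL FROM YOU", r"VIRUS \(.*\) IN MAIL TO YOU",
    r"VIRUS IN YOUR MAIL", r"Virus Detected by Network Assoc",
    r"Virus Notification", r"Virus found in a message you sent",
    r"Virus found in sent message",
]
# Assumed procmail defaults: case is ignored (no D flag), "^" anchors at a header line.
PATTERN = re.compile(r"^Subject:.*(" + "|".join(ALTERNATIVES) + ")",
                     re.IGNORECASE | re.MULTILINE)

def unfold(headers):
    """Join folded header continuation lines (assumed to mirror procmail)."""
    return re.sub(r"\r?\n[ \t]+", " ", headers)

def matched_alternative(message):
    """Return the Subject text that would trigger the recipe, or None."""
    # Only the header block (everything before the first blank line) is searched.
    headers = re.split(r"\r?\n\r?\n", message, maxsplit=1)[0]
    m = PATTERN.search(unfold(headers))
    return m.group(1) if m else None

# Constructed sample messages (not real mail).
SAMPLES = {
    "av_bounce": "Subject: Norton AntiVirus detected and quarantined a virus\n\nbody\n",
    "folded": "Subject: ScanMail notice:\n File blocked - ScanMail for Lotus Notes\n\nbody\n",
    "lowercase": "subject: virus found in a message you sent\n\nbody\n",
    "legit_mail": "Subject: Re: Message deleted from the archive by mistake?\n\nbody\n",
    "body_only": "Subject: lunch\n\nSubject: Virus Notification\n",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name:11} -> {matched_alternative(msg)!r}")
```

The "legit_mail" sample shows that short alternatives such as "Message deleted" also catch ordinary replies, which matters when the action is a trash folder.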

