Security Incidents mailing list archives

Concept Virus/Nimda sendmail-filter.


From: Jonas Stahre <yes () natverket com>
Date: Thu, 20 Sep 2001 08:32:50 +0200

Quick Anti-Concept-Virus/Nimda-sendmail-hack.

Looking at the binary of the virus, I noticed that it seemed to have a
hardcoded boundary and wrote a quick sendmail rule to filter it out.

It will probably slow down your mailserver and break a lot of things and I am
not even sure it works (since I haven't been able to test it on a live virus
yet). So you use it at your own risk.

Use it, improve it or ignore it.

---8<--cut here-----------

# Concept Virus(CV) V.5/Nimda-filter by Jonas Stahre (2001-09-19)
#   Love to my wife and my daughter. :)
HContent-Type: $>Check_Content_Type_Header
SCheck_Content_Type_Header
R$*;$*;boundary="====_ABC1234567890DEF_===="	$#error $: 553 Warning! This message may contain the Concept Virus(CV) V.5

----8<--- and here ----------

!!!! Remember to put tabs in front of $#error !!!!

If you use it and succeed in stopping viruses, or have suggestions on how to
improve it, please mail me at yes () ludd luth se.

  /Jonas Stahre

#!/bin/sh -- # set i=echo;set I='u[Cu[Cu[C';set l="tr u \033";$L       .-.
clear;cat $0;cat $0|sed '/D/d;s/L.*$/l/;s/.*# //;s/1/;71H/g'|csh -f;[   V   ]
# while 2;$i "u[31/$I\u[21 $I "|$l;$i "u[31 $I u[21_${I}_"|$L         (( ))
# end;$i "u[31 $I u[21\$I/"|$l;$i "u[21_${I}_"|$L  -yes () ludd luth se-  ^ ^
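
Added example, not part of the original post: the same boundary match done in Python on the parsed MIME structure instead of on the raw Content-Type text, so folded headers and a different parameter layout are still matched. The function names and the sample messages are constructed for illustration; only the boundary string and the 553 text come from the rule above.

```python
"""Added example (not from the original post): boundary check on parsed MIME."""
from email import message_from_bytes

# The hardcoded boundary quoted in the sendmail rule above.
SUSPECT_BOUNDARIES = {"====_ABC1234567890DEF_===="}
REJECT = "553 Warning! This message may contain the Concept Virus(CV) V.5"

def suspect_boundaries(raw: bytes) -> list:
    """Return each listed boundary declared by the message or a nested part.

    Works on the parsed parameter value, so header folding, parameter
    order, quoting and the case of "boundary" do not affect the match.
    """
    hits = []
    for part in message_from_bytes(raw).walk():
        boundary = part.get_boundary()   # None when the part has no boundary
        if boundary in SUSPECT_BOUNDARIES:
            hits.append(boundary)
    return hits

def smtp_verdict(raw: bytes) -> str:
    """Mirror the rule's behaviour: reject with 553, otherwise accept."""
    return REJECT if suspect_boundaries(raw) else "250 OK"

# Constructed sample messages (harmless text bodies only).
B = b"====_ABC1234567890DEF_===="
FOLDED = (b"From: a@example.com\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: multipart/related;\r\n"
          b"\ttype=\"text/plain\";\r\n"
          b"\tboundary=\"" + B + b"\"\r\n\r\n"
          b"--" + B + b"\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
          b"--" + B + b"--\r\n")
# Same boundary, one semicolon and upper-case parameter name.
ONE_PARAM = (b"From: a@example.com\r\nMIME-Version: 1.0\r\n"
             b"Content-Type: multipart/mixed; BOUNDARY=\"" + B + b"\"\r\n\r\n"
             b"--" + B + b"\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
             b"--" + B + b"--\r\n")
CLEAN = (b"From: a@example.com\r\nMIME-Version: 1.0\r\n"
         b"Content-Type: multipart/mixed; boundary=\"plain-sample-1\"\r\n\r\n"
         b"--plain-sample-1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
         b"--plain-sample-1--\r\n")

if __name__ == "__main__":
    for name, raw in (("folded", FOLDED), ("one-param", ONE_PARAM), ("clean", CLEAN)):
        print(name, "->", smtp_verdict(raw))
```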
