Security Incidents mailing list archives
Concept Virus/Nimda sendmail-filter.
From: Jonas Stahre <yes () natverket com>
Date: Thu, 20 Sep 2001 08:32:50 +0200
Quick Anti-Concept-Virus/Nimda-sendmail-hack.

Looking at the binary of the virus, I noticed that it seemed to have a hardcoded boundary and wrote a quick sendmail rule to filter it out.

It will probably slow down your mailserver and break a lot of things, and I am not even sure it works (since I haven't been able to test it on a live virus yet). So you use it at your own risk.

Use it, improve it or ignore it.

---8<--cut here-----------
# Concept Virus(CV) V.5/Nimda-filter by Jonas Stahre (2001-09-19)
# Love to my wife and my daughter. :)
HContent-Type: $>Check_Content_Type_Header
SCheck_Content_Type_Header
R$*;$*;boundary="====_ABC1234567890DEF_===="	$#error $: 553 Warning! This message may contain the Concept Virus(CV) V.5
----8<--- and here ----------

!!!! Remember to put tabs in front of $#error !!!!

If you use it and succeed in stopping viruses, or have suggestions on how to improve it, please mail me at yes () ludd luth se.

/Jonas Stahre

#!/bin/sh -- # set i=echo;set I='u[Cu[Cu[C';set l="tr u \033";$L .-. clear;cat $0;cat $0|sed '/D/d;s/L.*$/l/;s/.*# //;s/1/;71H/g'|csh -f;[ V ] # while 2;$i "u[31/$I\u[21 $I "|$l;$i "u[31 $I u[21_${I}_"|$L (( )) # end;$i "u[31 $I u[21\$I/"|$l;$i "u[21_${I}_"|$L -yes () ludd luth se- ^ ^

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
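The same boundary check done on a parsed message, as an added example that is not part of the original post: it matches the boundary string from the rule above even when the Content-Type header is folded across lines or the parameter name is in a different case, and it goes beyond the header-only rule by also inspecting nested MIME parts. The sample message and the function names are constructed for illustration.

```python
import email
from typing import List, Optional

# Boundary string and reply text taken from the sendmail rule in the post.
HARDCODED_BOUNDARY = "====_ABC1234567890DEF_===="
REJECT = "553 Warning! This message may contain the Concept Virus(CV) V.5"


def boundary_hits(raw: bytes) -> List[str]:
    """Content types of every MIME part whose boundary parameter equals the
    hardcoded string. The parser unfolds continuation lines, strips the
    quotes and treats the parameter name case-insensitively."""
    msg = email.message_from_bytes(raw)
    return [part.get_content_type() for part in msg.walk()
            if part.get_boundary() == HARDCODED_BOUNDARY]


def verdict(raw: bytes) -> Optional[str]:
    """SMTP-style reply for a flagged message, or None to accept it."""
    return REJECT if boundary_hits(raw) else None


# Constructed sample (not a captured message): folded Content-Type header
# with an upper-case parameter name, harmless text body.
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/related;\r\n"
    b"\ttype=\"multipart/alternative\";\r\n"
    b"\tBOUNDARY=\"====_ABC1234567890DEF_====\"\r\n"
    b"\r\n"
    b"--====_ABC1234567890DEF_====\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--====_ABC1234567890DEF_====--\r\n"
)

if __name__ == "__main__":
    print(boundary_hits(SAMPLE))
    print(verdict(SAMPLE))
```
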