Security Incidents mailing list archives
Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!!
From: Dan Riley <dsr () MAIL LNS CORNELL EDU>
Date: Tue, 13 Feb 2001 15:08:32 -0500
Daniel Martin <dtmartin24 () HOME COM> writes:
> While this is all well and good (and will work for this virus), it is worthless against those vbs virii that randomize their subject lines (which happens). Also, with this method one is constantly reacting to virus outbreaks after they happen. Is there any way to get a sendmail rule to block based on the contents of a message - I'm thinking that a useful pattern to block on would be the filename of an attachment; if the filename matches the perl regexp \.\w{2,5}\.(vbs|exe|com|hta|pl|bat|wsh|js)$
If you're willing to install procmail as your mail delivery agent, http://www.impsec.org/email-tools/procmail-security.html can do what you want.

--
Dan Riley   dsr () mail lns cornell edu
Wilson Lab, Cornell University   <URL:http://www.lns.cornell.edu/~dsr/>
"History teaches us that days like this are best spent in bed"
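The attachment-filename check asked about in the quoted message, as an added example that is not part of the original thread and is not the procmail sanitizer's own code. It applies the regexp from the thread to every MIME part's filename; the function names, the case-insensitive match, the trailing dot/space trimming and the sample message are assumptions made for this illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Regexp quoted in the thread. IGNORECASE is an assumption added here so that
# names such as PHOTO.JPG.EXE are caught as well.
DOUBLE_EXT = re.compile(
    r"\.\w{2,5}\.(vbs|exe|com|hta|pl|bat|wsh|js)$", re.IGNORECASE
)


def suspicious_attachments(raw):
    """Return the attachment filenames in a raw message that match DOUBLE_EXT."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, decoding RFC 2231 values.
        name = part.get_filename()
        if not name:
            continue
        # Assumption: trim trailing dots and spaces before matching, since a
        # padded name would otherwise slip past the "$" anchor.
        candidate = name.strip().rstrip(". ")
        if DOUBLE_EXT.search(candidate):
            hits.append(name)
    return hits


def build_sample(filenames):
    """Build a constructed test message with one dummy attachment per name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body text")
    for fn in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(
        ["report.txt.vbs", "notes.txt", "PHOTO.JPG.EXE", "setup.exe"]
    )
    for name in suspicious_attachments(sample):
        print("would block:", name)
```

A single-extension name such as setup.exe is not matched, because the regexp in the thread requires a decoy extension before the executable one.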
Current thread:
- NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Joseph, Lorne (Feb 12)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! David Luyer (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Daniel Martin (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Dan Riley (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Ron Johnson (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Kevin van Haaren (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Mark Lastdrager (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Daniel Martin (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! David Luyer (Feb 13)