Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!!

[Kevin van Haaren <kevinv () HOCKEY NET>]

you're missing the wsf extension.  This is the new WSH 2.0 extension
for scripts in XML format.
http://msdn.microsoft.com/scripting/default.htm?/scripting/windowshost/doc/wsadvantagesofws.htm

kevin


At 04:07 -0500 2/13/2001, Daniel Martin wrote:
> David Luyer <david_luyer () PACIFIC NET AU> writes:
>
> >  ; tail -11 /etc/sendmail.cf
> >  HSubject: $>CheckSubject
> >  SCheckSubject
> >  RILOVEYOU              $#error $: 553 ILOVEYOU Virus detected
> >  RHere you have, ;o)    $#error $: 553 Anna Kournikova virus detected
>
> While this is all well and good (and will work for this virus), it is
> worthless against those vbs virii that randomize their subject lines
> (which happens).  Also, with this method one is constantly reacting to
> virus outbreaks after they happen.  Is there any way to get a sendmail
> rule to block based on the contents of a message - I'm thinking that a
> useful pattern to block on would be the filename of an attachment; if
> the filename matches the perl regexp
>
>        \.\w{2,5}\.(vbs|exe|com|hta|pl|bat|wsh|js)$
>
> case insensitively, then chances are that it's up to no good.  Such a
> rule could have been constructed in the aftermath of ILOVEYOU, and
> were it already in place it would have prevented this virus from
> spreading through your mailserver.  (I wouldn't necessarily do a
> reject based on this rule match, but I would hold the email until I
> was given a chance to examine it manually and determine whether or not
> it should really go through).