Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Procmail for swen?



On Sat, 20 Sep 2003, Duane Morin wrote:

> Ok, I can't take it anymore.  Anybody got some procmail rules for
> killing incoming swen mail?  I've got north antivirus but that's
> installed on my windows machine -- I check 90% of my email on a linux
> console.

It's late of course, but here's the recipe Randal Schwartz posted when
this question came up on another list:

    Date: 22 Sep 2003 09:24:59 -0700
    From: Randal L. Schwartz <merlyn at stonehenge.com>
    To: Rick <rick at fu2k.org>
    Subject: Re: (void) worm signature for procmail

    >>>>> "Rick" == Rick  <rick at fu2k.org> writes:

    Rick> Anybody got a signature for the Swen worm that I can plug into
    Rick> procmail?  Its starting to pick up the pace and get on my tits.
    Rick> I have had a look around but cant find one yet so any pointers
    Rick> would be appreciated.

    I'm using this with pretty good success against both SWEN and SOBIG:

        # http://www.xs4all.nl/~rsmith/spamblock.html
        # gaaaah!
        :0 BHh
        * ^Content-Type: multipart/(mixed|alternative)
        * ^Content-Type:.*(audio/x-|application|x-rasmol)
        * name=.*\.(scr|com|bat|pif|lnk|exe)
        $HOME/sobig.f

    Of course, it traps *any* MS executable, but you shouldn't be getting
    those anyway, right?

    The headers end up in the file (anachronistically named here).

    --
    Randal L. Schwartz
    [rest of his .sig snipped]

Looks like a decent, general purpose solution to me.


-- 
Chris Devers




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org