Security Incidents mailing list archives
Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!!
From: Mark Lastdrager <mark () PINE NL>
Date: Tue, 13 Feb 2001 09:53:13 +0100
At Tue, 13 Feb 2001, Incidents Mailing List wrote:
We are working with the infrastructure group to see how we can block or filter this particular message. In the interim, the best anti-virus protection is good ol' common sense.

; tail -11 /etc/sendmail.cf
HSubject: $>CheckSubject
SCheckSubject
RILOVEYOU	$#error $: 553 ILOVEYOU Virus detected
RHere you have, ;o)	$#error $: 553 Anna Kournikova virus detected
Kchkfrm regex -a@REJ hahaha () sexyfun net
HFrom: $>CheckFromHeader
SCheckFromHeader
R$*	$: $(chkfrm $1 $)
R@REJ	$#error $: 553 Some virus detected

Blunt method to do this on Postfix (not tested, based on Loveletter fix from some time ago)

Create file header_checks with:

/Content.*\.vbs/ REJECT

And add the following to main.cf:

header_checks = regexp:/path/to/postfix/config/header_checks

It's also possible to filter on subject of course, but history has taught us viruses may mutate. On http://www.amavis.org/ you can find a quite good mail virus scanner.

Mark Lastdrager

--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse:
Your processor has processed too many intructions. Turn it off emideately, do not type any commands!!
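
An added example, not part of the original message: a Python check of how subject rules and the attachment-extension pattern behave once the subject changes, and where the unanchored pattern over-matches. It assumes current Postfix behaviour (header_checks also applied to MIME part headers, since mime_header_checks defaults to $header_checks) and approximates regexp-table matching with Python's re; the sample message, the benign header, the regex renderings of the subject rules and TIGHTER_RULE are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): changed subject, folded MIME headers.
SAMPLE = """\
From: someone@example.org
Subject: Here you are
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream;
\tname="AnnaKournikova.jpg.vbs"
Content-Disposition: attachment;
\tfilename="AnnaKournikova.jpg.vbs"

(placeholder body)
--b1--
"""
# Constructed benign header that merely mentions the extension.
BENIGN = "Content-Description: notes on the .vbs worm"

# Subject rules: regex renderings (assumed) of the quoted sendmail.cf subjects.
SUBJECT_RULES = [r"^Subject: ILOVEYOU$", r"^Subject: Here you have, ;o\)$"]
BLUNT_RULE = r"Content.*\.vbs"            # pattern from the message
# Hypothetical tighter variant: only a name=/filename= value ending in .vbs.
TIGHTER_RULE = r'^Content-(Type|Disposition):.*name\s*=\s*"?[^";]*\.vbs"?\s*(;|$)'

def compile_check(pattern):
    # Approximates regexp-table defaults: case-insensitive, '.' crosses folds.
    return re.compile(pattern, re.IGNORECASE | re.DOTALL)

def logical_headers(raw):
    """Return 'Name: value' strings for the message and every MIME part."""
    msg = message_from_string(raw)
    return [f"{n}: {v}" for part in msg.walk() for n, v in part.items()]

def first_match(rules, headers):
    """Return the first logical header matched by any rule, or None."""
    checks = [compile_check(r) for r in rules]
    return next((h for h in headers if any(c.search(h) for c in checks)), None)

if __name__ == "__main__":
    hdrs = logical_headers(SAMPLE)
    for label, rules in [("subject", SUBJECT_RULES), ("blunt", [BLUNT_RULE]),
                         ("tighter", [TIGHTER_RULE])]:
        print(label, "->", repr(first_match(rules, hdrs)),
              "| benign:", repr(first_match(rules, [BENIGN])))
```

On a real server, `postmap -q` against the header_checks table tests the pattern with Postfix's own regex engine.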