nanog mailing list archives
procmail nimda e-mail filter
From: Bryan Bradsby <Bryan.Bradsby () capnet state tx us>
Date: Wed, 19 Sep 2001 01:37:47 -0500 (CDT)
# Detect W32.nimda worm and move to /var/tmp/nimda.DATE.username # w32.nimda.amm # :0 i * ^Content-Type: multipart/related * ^Content-Disposition: Multipart message * ^Subject: .*Software\\Microsoft\\Windo.*$ { :0 { DATE_=`date "+%Y%m%d"` } :0 B * ^Content-Type: audio/x-wav /var/tmp/nimda.$DATE_.$LOGNAME } recycled electrons from sircam... -bryan bradsby NOC: 512-475-2432 Texas State Government Net -- Any technology distinguishable from magic is insufficiently advanced.
Current thread:
- Blocking nimda probes with a content-layer switch Joe Abley (Sep 18)
- procmail nimda e-mail filter Bryan Bradsby (Sep 18)
- Re: Blocking nimda probes with a content-layer switch Lincoln Dale (Sep 19)
- Re: Blocking nimda probes with a content-layer switch jeff (Sep 19)