From owner-freebsd-questions Sun Jul 22 22:24:14 2001 Delivered-To: freebsd-questions@freebsd.org Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id B5BDD37B405 for ; Sun, 22 Jul 2001 22:24:10 -0700 (PDT) (envelope-from so@server.i-clue.de) Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id HAA16706; Mon, 23 Jul 2001 07:32:10 +0200 Message-ID: <3B5BB586.74738053@i-clue.de> Date: Mon, 23 Jul 2001 07:26:30 +0200 From: Christoph Sold Reply-To: so@server.i-clue.de X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Thierry Black Cc: freebsd-questions@FreeBSD.ORG Subject: Re: SirCam virus References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thierry Black wrote: > > Hello again! My server has received copies of this "SirCam" virus notified > at www.symantec.com. We are using sendmail, and cyrus for delivery. How can > I put a rule to block the messages? The subject, sender, attachment name, > and headers are all random (taken from the virus victims email). The only > common things are in the body. The messages start with "Hi! How are you?" > and end with "See you later. Thanks". > > I need to block these messages from being sent to or from our email server. > I have heard of procmail, but I don't know hwo to use it with sendmail 8.9.3 > and cyrus. Have a look at amanda (www.amanda.org). It needs a (copmmercial) virus scanning engine to scan the mails, but it is able to scan all part fo a message (including compressed archives). HTH -Christoph Sold To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message