From owner-freebsd-questions Sun Jul 22 23:41:34 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
	by hub.freebsd.org (Postfix) with ESMTP id 6C34437B408
	for ; Sun, 22 Jul 2001 23:41:29 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
	by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f6N6fQ837225;
	Sun, 22 Jul 2001 23:41:27 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Thierry Black" ,
Subject: RE: SirCam virus
Date: Sun, 22 Jul 2001 23:41:26 -0700
Message-ID: <000001c11342$7ee09020$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To:
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Actually this virus is an easy one to block. According to the advisory
there is always one of the following strings:

"Hi! How are you?"
"I send you this file in order to have your advice"

So all you need to do is replace the local delivery agent with Procmail
and write a procmail recipe to filter out messages containing either of
those strings.

I did a column on this a while ago; it's here:

http://www.computerbits.com/archive/1998/1000/lan9810.html

You really ought to be doing this for your spam filtering anyway.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Thierry Black
>Sent: Sunday, July 22, 2001 9:32 PM
>To: freebsd-questions@FreeBSD.ORG
>Subject: SirCam virus
>
>
>Hello again! My server has received copies of this "SirCam" virus notified
>at www.symantec.com. We are using sendmail, and cyrus for delivery. How can
>I put a rule to block the messages? The subject, sender, attachment name,
>and headers are all random (taken from the virus victims email). The only
>common things are in the body. The messages start with "Hi! How are you?"
>and end with "See you later. Thanks".
>
>I need to block these messages from being sent to or from our email server.
>I have heard of procmail, but I don't know how to use it with sendmail 8.9.3
>and cyrus.
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>
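
An added example, not part of the original messages or of the column linked above: a Python filter that applies the body-string check described in the reply to the transfer-decoded, whitespace-collapsed body, because a pattern run over the raw body does not see through base64 or quoted-printable encoding or a wrapped line. The function names, the attachment requirement and the sample messages are assumptions constructed here.

```python
import email
from email import policy
from email.message import EmailMessage

# Marker strings exactly as quoted in the thread above.
MARKERS = ("Hi! How are you?",
           "I send you this file in order to have your advice")

def decoded_text_parts(msg):
    """Yield each non-attachment text/* part, transfer-decoded, whitespace-collapsed."""
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        try:
            text = part.get_content()          # undoes base64 / quoted-printable
        except LookupError:                    # unknown charset label
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        yield " ".join(text.split())           # a wrapped line must still match

def matched_markers(raw):
    """Return the marker strings found in the decoded body of raw message bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    bodies = list(decoded_text_parts(msg))
    return [m for m in MARKERS if any(m in b for b in bodies)]

def verdict(raw):
    """'quarantine' when a marker is present and the mail carries an attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Assumption added here: require an attachment, since the greeting alone
    # is common in legitimate mail. Quarantine for review rather than delete.
    carries_file = any(p.is_attachment() for p in msg.walk())
    return "quarantine" if matched_markers(raw) and carries_file else "deliver"

def build_sample(body, attach=True, cte="base64"):
    """Constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body, cte=cte)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="constructed.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for body, attach, cte in [
            ("Hi! How are you?\nSee you later. Thanks\n", True, "base64"),
            ("I send you this file in order\nto have your advice\n", True, "quoted-printable"),
            ("Hi! How are you?\n", False, "7bit")]:
        print(cte, verdict(build_sample(body, attach, cte)))
```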