Jarno Elonen just posted in debian-mentors these useful guidelines to fight against those annoying messages. This works great for me, and serves as a basis to fight against future similar viruses.

Regards,
Ismael

----- Forwarded message from Jarno Elonen <elonen@iki.fi> -----

From: Jarno Elonen <elonen@iki.fi>
Subject: Filter for W32/Swen@MM
To: debian-mentors@lists.debian.org
Date: Sat, 20 Sep 2003 16:38:37 +0300

Sven Luther wrote:
> BTW, the attachment is of md5sum b09e26c292759d654633d3c8ed00d18d.
>
> Anyone know of an easy way to filter out emails where a given
> attachment has a particular md5sum ?

I wrote a helpful Python script this morning and have successfully filtered about 60(!) virus mails with it today already.

http://elonen.iki.fi/code/misc-notes/mpartinfo2hdr/

The program - when a message is piped through it - analyzes mail attachments and puts the results in the header...

    X-Msg-Part-Info: attachment; size="106496";
        md5sum="b09e26c292759d654633d3c8ed00d18d";
        claimedmime="audio/x-wav"; name="gvzvfszn.exe";
        guessedmime="application/x-dosexec"

... so that one can write mail reader rules to filter messages with certain attachments. I'm using Kmail myself, with the following rules:

Add the attachment info to header:
1) 'To' doesn't equal 'MATCH_FOR_ALL'
   => 'pipe through' '/home/jarno/bin/mpartinfo2hdr'
   DON'T stop if this matches

Remove certain virus mail:
2) 'any header' matches regexp 'X-Msg-Part-Info:.*b09e26c292759d654633d3c8ed00d18d'
   => move to trash

Move probable virus mail:
3) 'any header' matches regexp 'X-Msg-Part-Info:.*guessedmime="application.x-dosexec"'
   OR 'any header' matches regexp 'X-Msg-Part-Info:.*name="[^"]*\.pif".*'
   => move to folder 'virus'

- Jarno

----- End forwarded message -----

-- 
"Every place swarms with commentaries; of authors there is great scarcity"
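A sketch of the kind of filter the forwarded message describes, added here as an example; it is not Jarno Elonen's mpartinfo2hdr script, whose source is not shown on this page. The function names, the magic-byte sniffer, and the steps that drop a sender-supplied X-Msg-Part-Info header and strip quote characters from filenames are assumptions of this example, and the sample message is constructed.

```python
import email
import hashlib
from email.message import EmailMessage

HEADER = "X-Msg-Part-Info"

def guess_mime(data: bytes) -> str:
    # Minimal magic-byte sniffer (assumption; the original may guess differently).
    if data[:2] == b"MZ":
        return "application/x-dosexec"
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "audio/x-wav"
    return "application/octet-stream"

def clean(value: str) -> str:
    # Filename and MIME type are sender-controlled: strip characters that
    # could close a quoted field early and confuse the filter regexps.
    return "".join(c for c in value if c.isprintable() and c not in '";\\')

def describe_parts(msg) -> list:
    infos = []
    for part in msg.walk():
        if part.is_multipart() or part.get_filename() is None:
            continue  # only leaf parts that carry a filename
        data = part.get_payload(decode=True) or b""
        infos.append(
            'attachment; size="%d"; md5sum="%s"; claimedmime="%s"; '
            'name="%s"; guessedmime="%s"'
            % (len(data), hashlib.md5(data).hexdigest(),
               clean(part.get_content_type()), clean(part.get_filename()),
               guess_mime(data)))
    return infos

def annotate(raw: bytes) -> bytes:
    msg = email.message_from_bytes(raw)
    del msg[HEADER]  # never trust a copy of our header set by the sender
    for info in describe_parts(msg):
        msg[HEADER] = info
    return msg.as_bytes()

def build_sample(payload: bytes = b"MZ" + bytes(62)) -> bytes:
    # Constructed sample: executable bytes claimed as audio/x-wav.
    m = EmailMessage()
    m["From"], m["To"] = "a@example.org", "b@example.org"
    m[HEADER] = 'attachment; md5sum="forged"'
    m.set_content("see attachment")
    m.add_attachment(payload, maintype="audio", subtype="x-wav",
                     filename="gvzvfszn.exe")
    return m.as_bytes()
```

Long header values are folded across lines when the message is written back out, so a rule that matches on the header should run against the unfolded value.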