Jarno Elonen just posted in debian-mentors these useful guidelines to
fight against those annoying messages. This works great for me, and
serves as a basis to fight against future similar viruses.
Regards, Ismael
----- Forwarded message from Jarno Elonen <elonen@iki.fi> -----
From: Jarno Elonen <elonen@iki.fi>
Subject: Filter for W32/Swen@MM
To: debian-mentors@lists.debian.org
Date: Sat, 20 Sep 2003 16:38:37 +0300
Sven Luther wrote:
> BTW, the attachment is of md5sum b09e26c292759d654633d3c8ed00d18d.
>
> Anyone know of an easy way to filter out emails where a given
> attachment has a particular md5sum ?
I wrote a helpful Python script this morning and have successfully filtered
about 60(!) virus mails with it today already.
http://elonen.iki.fi/code/misc-notes/mpartinfo2hdr/
The program - when a message is piped through it - analyzes mail attachments
and puts the results in the header...

  X-Msg-Part-Info: attachment; size="106496";
    md5sum="b09e26c292759d654633d3c8ed00d18d";
    claimedmime="audio/x-wav"; name="gvzvfszn.exe";
    guessedmime="application/x-dosexec"

... so that one can write mail reader rules to filter messages with certain
attachments. I'm using Kmail myself, with the following rules:

Add the attachment info to header:

  1) 'To' doesn't equal 'MATCH_FOR_ALL' =>
       'pipe through' '/home/jarno/bin/mpartinfo2hdr'
     DON'T stop if this matches

Remove certain virus mail:

  2) 'any header' matches regexp
       'X-Msg-Part-Info:.*b09e26c292759d654633d3c8ed00d18d'
     => move to trash

Move probably virus mail:

  3) 'any header' matches regexp
       'X-Msg-Part-Info:.*guessedmime="application.x-dosexec"'
     OR
     'any header' matches regexp
       'X-Msg-Part-Info:.*name="[^"]*\.pif".*'
     => move to folder 'virus'

- Jarno
----- End forwarded message -----
--
"Everything swarms with commentaries; of authors there is a great scarcity"
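
A minimal sketch of the kind of filter described in the forwarded message, added here as an example; it is not Jarno Elonen's mpartinfo2hdr script. The magic-byte table, the function names and the sample message are assumptions made for illustration, and any X-Msg-Part-Info header already present in the incoming mail is dropped so a sender cannot pre-seed it.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: a tiny magic-byte table stands in for a real file-type detector.
MAGIC = [(b"MZ", "application/x-dosexec"), (b"PK\x03\x04", "application/zip"),
         (b"RIFF", "audio/x-wav")]

def guess_mime(data):
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return "application/octet-stream"

def part_infos(msg):
    """Return one X-Msg-Part-Info value per named attachment in msg."""
    infos = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        data = part.get_payload(decode=True) or b""
        safe_name = name.replace('"', "_").replace("\r", "").replace("\n", "")
        infos.append('attachment; size="%d"; md5sum="%s"; claimedmime="%s"; '
                     'name="%s"; guessedmime="%s"' % (
                         len(data), hashlib.md5(data).hexdigest(),
                         part.get_content_type(), safe_name, guess_mime(data)))
    return infos

def annotate(raw):
    """Parse raw message bytes, add the headers, return the new bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    del msg["X-Msg-Part-Info"]   # drop any sender-supplied copy first
    for info in part_infos(msg):
        msg["X-Msg-Part-Info"] = info
    return msg.as_bytes()

def sample_message():
    # Constructed sample: a harmless 'MZ' stub claimed as audio/x-wav.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "test"
    m.set_content("see attachment")
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="audio", subtype="x-wav",
                     filename="sample.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(annotate(sample_message()).decode("ascii", "replace"))
```

Long header values are folded across lines on output, so a rule that matches on the header should run against the unfolded value, as mail readers normally do.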