Re: bypassing Sirc32
On Fri, 17 Aug 2001, Jordi S . Bunster wrote:
> But, still, that makes a lot of load here. Can I, trough a sendmail
> and/or procmail rule, simple send those messages to /dev/null as soon
> as they arrive? Have anyone done something similar? Would that reduce
> the load?
I use exim's filter language to block it:
# The W32/Sircam virus is sending messages with lower case date: headers
# (The upper-case CONTAINS makes the string comparison case sensitive.)
if $message_headers CONTAINS "\ndate: " and
$message_headers contains "_Outlook_Express_message_boundary"
fail text "Suspect W32/Sircam virus message"
If you don't want to reply (bounce) with a big message set the Exim
directive return_size_limit to the amount of bytes you will reply.
Jeremy C. Reed
echo 'G014AE824B0-07CC?/JJFFFI?D64CB>D=3C427=>;>6HI2><J' |
tr /-_ :\ Sc-y./ | sed swxw`uname`w