[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bypassing Sirc32

On Fri, 17 Aug 2001, Jordi S . Bunster wrote:

> But, still, that makes a lot of load here. Can I, trough a sendmail
> and/or procmail rule, simple send those messages to /dev/null as soon
> as they arrive? Have anyone done something similar? Would that reduce
> the load?

I use exim's filter language to block it:

# The W32/Sircam virus is sending messages with lower case date: headers
# (The upper-case CONTAINS makes the string comparison case sensitive.)
if $message_headers CONTAINS "\ndate: " and
   $message_headers contains "_Outlook_Express_message_boundary"
   fail text "Suspect W32/Sircam virus message"
   seen finish

If you don't want to reply (bounce) with a big message set the Exim
directive return_size_limit to the amount of bytes you will reply.

  Jeremy C. Reed
echo 'G014AE824B0-07CC?/JJFFFI?D64CB>D=3C427=>;>6HI2><J' |
tr /-_ :\ Sc-y./ | sed swxw`uname`w

Reply to: