
Re: Rain of viruses - a solution



Picked up from other lists, for filtering Swen and other viruses via
procmail:

**********************************

There's another way of filtering Swen more efficiently. Put the
following inside your .procmailrc and procmail takes care of it:

:0
* > 140000
* < 165000
{
   :0 BD
   * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
   /dev/null
}

That string is a base64-encoded part of the executable itself.

************************************

# Broad antivirus recipe:
#
# Look at attachment content.  The 2nd condition is the header of a
# win32 exe encoded with base64.  No matter how the virus is named,
# that header MUST have this specific form, or it won't be recognized
# by Windows as an exe.  So every attachment that starts with
# TVqQAAMAAAAEAAAA//8AALg is a win32 program: a potential virus.
# The 3rd condition is the string "this program cannot be run in
# MS-DOS mode" encoded in base64.  It helps avoid false positives.
#
# Thank you Roland Smith <rsmith@xs4all.nl>
#
:0 B
* ^Content-Transfer-Encoding:.*base64
* ^TVqQAAMAAAAEAAAA//8AALg
* 4fug4AtAnNIbg
{
   LOG="[virus: win32 exe]     "

   :0
   /dev/null
}




-- 
jxz@uol.com.br
http://jxz.dontexist.org/
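
Added example, not part of the original post or the quoted recipes: the same two checks done in Python after MIME decoding, so the match does not depend on how the base64 lines are wrapped or aligned. The sample message, file names and the `FAKE_EXE` header fragment are constructed for the demonstration.

```python
import base64
from email import message_from_bytes, policy

# First 18 bytes of the DOS/PE header; their base64 form starts with the
# "TVqQAAMAAAAEAAAA//8AALg" prefix that the broad recipe anchors on.
MZ_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000b800")
DOS_STUB_TEXT = b"This program cannot be run in DOS mode"

def win32_exe_parts(raw_message: bytes) -> list[str]:
    """Return the names of MIME parts whose decoded content is a Win32 exe."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Header check plus stub-text check, as in the recipe, but on the
        # decoded bytes rather than on the base64 text of the body.
        if payload.startswith(MZ_HEADER) and DOS_STUB_TEXT in payload[:1024]:
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample(payload: bytes, filename: str, wrap: int = 76) -> bytes:
    """Build a constructed test message carrying one base64 attachment."""
    b64 = base64.b64encode(payload).decode()
    lines = "\r\n".join(b64[i:i + wrap] for i in range(0, len(b64), wrap))
    return (
        "From: a@example.invalid\r\nTo: b@example.invalid\r\n"
        "Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
        "--XX\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        "--XX\r\nContent-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f'Content-Disposition: attachment; filename="{filename}"\r\n\r\n'
        f"{lines}\r\n--XX--\r\n"
    ).encode()

# Constructed header fragment (not a runnable program): the MZ header,
# zero padding, then the stub text at its usual offset 0x4e.
FAKE_EXE = MZ_HEADER.ljust(0x4E, b"\0") + DOS_STUB_TEXT + b".\r\n$"

if __name__ == "__main__":
    print(win32_exe_parts(build_sample(FAKE_EXE, "photo.jpg")))
```

The attachment is flagged whatever its file name, which is the point the recipe's comment makes about the fixed header.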
