on Sat, Jul 28, 2001 at 04:31:13PM -0400, Joey Hess (joeyh@debian.org) wrote:
> begin Colin Watson quote:
> > That's the SirCam virus, which causes its victims to unknowingly send
> > mail to addresses harvested from their web cache. Not much you can do
> > about it, AFAIK.
>
> Oh sure there is. You can procmail it to /dev/null (anyone have a good
> recipe? Mine sucks).
A good one (for English versions of SirCam) was posted to LinuxToday.
My slight adaptation ('This is an automatically generated message'):
------------------------------------------------------------------------
# SirCam spam recipie, from LinuxToday, Tue Jul 24 22:28:09 PDT 2001
:0 Bh
*I send you this file in order to have your advice
*daeLRCQEM9KJEIN8JAwAdBmLRCQEi1QkCIkQi0\QkDCtEJAiLVCQEiUIEg8QUXV9eW8NTVldV
| (formail -rtb -I "Precedence: junk" \
-I "Subject: SirCam Virus Spam Worm"; \
echo "Your computer is infected with the SirCam worm. Please see"; \
echo "http://www.wired.com/news/technology/0,1282,45427,00.html for more inf
ormation." \
echo "This is an automatically generated message.") \
| $SENDMAIL -oi -t
------------------------------------------------------------------------
> Or you can go a step further, and just procmail all mail from
> virus-prone windows MTA's to /dev/null, which I am seriously
> considering doing, except for this annoying problem that I
> occasionally hear from debian users who are stuck in windows for some
> reason and I'd hate to blanket reject their mail.
A passfile (allowed users) followed by a reject ruleset (broken mailers)
might be a way around this. Lars Wirzenius's procmail filter rules
('spamfilter' package) works pretty well for this, though it's complex.
Cheers.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Free Dmitry!! Boycott Adobe!! Repeal the DMCA!! http://www.freedmitry.org
Attachment:
pgpBRyHNFzRKU.pgp
Description: PGP signature