Re: Is swen back?
Andreas Janssen writes:
>
> Alphonse Ogulla (<ogulla@uonbi.ac.ke>) wrote:
>
> > Got 200 plus mail bombs in my pop3 account this morning. Luckily I
> > used Kmail and filtered (deleted) every incoming message of size
> > greater than 40Kb. Just wondering, is swen back from holiday? How are you
> > people managing?
>
> From my point of view, it looks like it never really went away. Over the
> last months, I get between 30 and 50 of these viruses, mostly swen, every
> day. Sometimes until the daily forwarding quota for my bigfoot account
> is exceeded.
>
FYI, if you are running procmail in a shell account:
:0 BD
* ^(T(24gRXJ|V(oAAAI|pQAAI|psAAE|qQAAM))|(UEsDBBQ))
/dev/null
in your ~/.procmailrc will catch most M$ executables in your e-mail
and trash them.
Be advised that if you expect executables in your e-mail, it will
trash them too, as well as zipped files, so you would have to make a
policy on that.
John
BTW, the recipe looks for the base64 encoded M$ executable
header/loader information in the beginning of the file in the e-mail
body. See /usr/share/misc/magic for particulars.
--
John Conover, conover@rahul.net, http://www.johncon.com/
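
An added example, not part of the original post: it decodes each base64 prefix in the recipe above back to the file magic bytes it stands for, and runs the same pattern over constructed messages to show that a ZIP attachment is caught along with executables. The addresses, stub payloads and helper names are assumptions made for the illustration.

```python
import base64
import re
from email.message import EmailMessage

# Same alternation as the recipe. procmail's B flag applies it to the body and
# D makes it case-sensitive; ^ matches at the start of any body line.
RECIPE = re.compile(r"^(T(24gRXJ|V(oAAAI|pQAAI|psAAE|qQAAM))|(UEsDBBQ))", re.M)

# The six 7-character prefixes the alternation expands to.
PREFIXES = ["T24gRXJ", "TVoAAAI", "TVpQAAI", "TVpsAAE", "TVqQAAM", "UEsDBBQ"]


def decoded_magic(prefix):
    """Raw bytes fully determined by a base64 prefix (7 chars -> 5 bytes)."""
    whole_bytes = len(prefix) * 6 // 8
    padded = prefix + "A" * (-len(prefix) % 4)
    return base64.b64decode(padded)[:whole_bytes]


def body_matches(msg):
    """True if the recipe's pattern hits any line of the message body."""
    body = msg.as_string().split("\n\n", 1)[1]
    return RECIPE.search(body) is not None


def build(attachment=None):
    """Constructed test message, optionally with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("Plain text body.\n")
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="sample.bin")
    return msg


# Constructed inputs: only the leading magic bytes are realistic.
MZ_STUB = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff" + b"\x00" * 48
ZIP_STUB = b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"\x00" * 48

if __name__ == "__main__":
    for p in PREFIXES:
        print(p, decoded_magic(p))
    for name, data in [("text only", None), ("MZ", MZ_STUB), ("ZIP", ZIP_STUB)]:
        print(name, body_matches(build(data)))
```

The match depends on the attachment's first bytes landing at the start of a base64 line, which is where a MIME encoder puts them.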