On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote: > Hi all, > > I haven't been around for a bit - had to unsub whilst I was waiting for > ADSL in my new flat. I was wondering - I have the following in my > procmailrc to kill the last but one main virus that was going around: > :0 > * > 140000 > * < 165000 > { > :0 BD > * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv > /dev/null > } > > Anyone have a similar rule to nuke this new mymail worm? I have some > samples if anyone can tell me how to analyse them to paste the correct > thing in the BD line. This beastie doesn't set the Message-Id: header. I find I can zap it quite happily by looking for Message-Id: headers that have been added by my ISP's mail relay; the following mailfilter rule works: DENY=^Message-Id:.*<.*@store[0-9]\.mail\.uk\.easynet\.net> ...adjust to fit your ISP's relay and translate to procmailese. -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
Attachment:
pgpXhEtW9grB2.pgp
Description: PGP signature