On Wed, Feb 04, 2004 at 01:59:32AM +0000, Antony Gelberg wrote:
> Hi all,
>
> I haven't been around for a bit - had to unsub whilst I was waiting for
> ADSL in my new flat. I was wondering - I have the following in my
> procmailrc to kill the last but one main virus that was going around:
> :0
> * > 140000
> * < 165000
> {
> :0 BD
> * b3IAAABBZG1pbgAAAEdFVCBodHRwOi8vd3cyLmZjZS52dXRici5jei9iaW4vY291bnRlci5naWYv
> /dev/null
> }
>
> Anyone have a similar rule to nuke this new mymail worm? I have some
> samples if anyone can tell me how to analyse them to paste the correct
> thing in the BD line.
This beastie doesn't set the Message-Id: header. I find I can zap it
quite happily by looking for Message-Id: headers that have been added
by my ISP's mail relay; the following mailfilter rule works:
DENY=^Message-Id:.*<.*@store[0-9]\.mail\.uk\.easynet\.net>
...adjust to fit your ISP's relay and translate to procmailese.
--
Pigeon
Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
Attachment:
pgpXhEtW9grB2.pgp
Description: PGP signature