Just a heads-up, I received a few emails today with a ZIP attachment. The
ZIP file contained a PIF file that included the virus.
--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/
-----Original Message-----
From: Michael Dinowitz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 2:30 PM
To: CF-Talk
Subject: Fast AV Code
-- This was sent earlier but Earthlink is probably screwed up with the
virus. If you see it again, that's why. --
When we had the last virus outbreak, I wrote a fast piece of code that
removed every instance of the virus from a persons mail box (it was part of
my custom spam filter). I've done the same for this one as well.
<CFLOOP QUERY="qSpam">
<CFIF len(ATTACHMENTS) and (REFindNoCase('\.pif|\.scr|\.cmd|\.bat',
attachments) OR REFindNoCase('^(hi|test|mail delivery
system|status|hello|error|Mail Transaction Failed|Server Report|Message
status from e-mail system|failure notice)$', subject))>
<CFSET lDeleteUID=ListAppend(lDeleteUID, UID)>
</CFIF>
</CFLOOP>
Basically, I want to kill every message with an attachment of pif, scr, cmd
or bat. Additionally, if the message has an attachment and a specific
subject, I want that deleted as well. It's not foolproof (my full version
makes sure eml attachments are never deleted) but will work for most people.
Personally, 1/4 of my normal mail and over 1/2 of my admin mail has been
this virus.
My personal recomendation are to either:
1. Get iMS with the built in Prism AV scanner
2. Get a third party AV scanner for your mail system
3. Write your own cleaner
Fun. :)
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
