I have been hit hard in the past by the sircam virus.
I am currently being hit hard by the Klez virus.
I was given a procmail recipe for the sircam months ago and I now have one
for the Klez.
Since I started using the sircam recipe I have not received a single sircam
virus.
Since I started using the Klez recipe I have confirmed 182 out or 182
emails with the Klez. Now they go to /dev/null. I have only had one get
through, that is better than 50 per day.
I was asked to post the procmail recipes for others. I am not a procmail
user by choice, but by necessity. I do not really understand them except
to say they are helping me.
Here is my procmailrc file that is in my /etc directory. It may not make
to to everyone due to the sircam text.
I have removed a piece of the sircam script as it sends an email to the
sender telling them their computer is infected and a link to an anti-virus
site.
************************start of procmailrc ************************
SHELL=/bin/csh
LOGFILE=/var/log/procmail.log
:0
* 1^0 ^Content-Type:/*(multipart|attachment)
* 1^0 B ?? Hi\! How are you(\?|=3F)
* 1^0 B ?? I send you this file in order to have your advice
* 1^0 B ?? See you later (\.|=2E) Thanks
* 1^0 B ?? Hola como estas *\?
* 1^0 B ?? Te mando este archivo para que me des tu punto de vista
* 1^0 B ?? Nos vemos pronto, gracias\.
* 1^0 B ?? I hope you like the file that I send( t)?o you
* 1^0 B ?? This is the file with the information that you ask for
{
:0
/dev/null
}
:0
* ^Content-Type:.*(multipart|attachment)
{
:0B
* > 50000
* ^Content-Type:[ ]*(audio/x-|application)
* 1^0 ()<i?frame[ ]*src=(3d)?cid:
* 1^0 ^--[^ ]+$$Content-
* 1^0 ^--[^ ]+$--[^ ]+$
/dev/null
}
************************end of procmailrc ************************
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
