On Thu, Aug 21, 2003, Muli Ben-Yehuda wrote about "Re: Procmail recipe for filtering Sobig-originated E-mail?": > > > Before I invest time in the subject, I'd like to know if anyone > > already developed a procmail recipe for this virus, based upon the > > Google for it; I saw such a recipe mentioned in several places.
For catching the virus itself, try :0 B: * 1^0 ^Tvfh9s6oKBjZ3rmrJ8mQiJzLiJ84ZouNAv7VMyN6M virus But the big problem isn't the virus - it's the bounces from all the people that got this virus supposedly from me. These bounces include a anti-virus spam (anti-virus makers know there is no point in replying to viruses, but they do so anyway, as a way to "legitimately" spamvertize their products) and bounces from non-existant or out-of-quota addresses. In the last two days I got almost 400 bounces (!) and only about 40 copies of the actual virus. Pretty soon I'll need to start coding a bounce analyzer, which should only show me bounces that are relevant to actual emails that I had sent out :( -- Nadav Har'El | Thursday, Aug 21 2003, 23 Av 5763 [EMAIL PROTECTED] |----------------------------------------- Phone: +972-53-245868, ICQ 13349191 |In God we Trust -- all others must submit http://nadav.harel.org.il |an X.509 certificate. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
