> The existing patches for this macro virus seem to me to miss the mark.
> Does anyone on this list currently have a copy of the macro virus?
A copy was posted to bugtraq a while ago... along with simple details
of how someone who receives this message (even on a PC) can save the
source.
I'm personally waiting for papa.
> Trying to block a virus like this by its signature text is, to me, silly,
I agree... yet, sendmail had a "silly ruleset patch" up very quickly...
although I hear the patch only prevent relaying, not reception of the
virus message.
> AutoExec, messing with the registry, and rewriting normal.dot. Any
> other suggestions? Is anyone else already doing this? I don't want
> to reinvent the wheel, but I don't want to go for a commercial
> antivirus package either. A free software (in the FSF sense) antivirus
> package would probably be acceptable though, but I don't know of any of
> those.
Search bugtraq archives... and/or if you still can't find it, email me
personally and I'll return the posted copy to you. Would it be
inappropriate to post the code to this list?
Scott
ps: I should post my qmail worm.
