On Friday, March 21, 2003 at 09:55:32GMT +0100 (which was 3:55 AM where I live) Roelof Otten wrote and made these points on the subject of "Nod32 + Filtering + Return Email": RO> Hallo David,
RO> On Thu, 20 Mar 2003 19:31:46 -0500GMT (21-3-03, 1:31 +0100, where I RO> live), you wrote: <SNIP> RO> Since, you're doing a manual reply the message already has the correct RO> destination and subject line, so the only thing thing you've got to RO> enter in the 'virus' quick template is this: RO> ,----- [ ] RO> | Hi %OFromName, RO> | RO> | You sent me a virus, this is my scanner's info: RO> | RO> | %SETPATTREGEXP="(__________ NOD32.*\n?www.nod32.com)"%- RO> | %REGEXPBlindMATCH="%Text"%subpatt="1" RO> | RO> | %Clear RO> `----- RO> I've tested it on the first message in this thread, where you posted a RO> sample of nod32's message and it worked. Thanks, though I've adjusted it to the following, anything I can do to help them track it down after all. ,----- [ ] | Hi %OFromName, | |%WRAPPED="You accidently sent me a virus by email with the following information:" | | DATE: %ODATE | TIME: %OTIMELONG | SUBJECT: %OSUBJ | ATTACHMENT(S): %OATTACHMENTS | |Below is the info from my virus scanner: | | %SETPATTREGEXP="(__________ NOD32.*\n?www.nod32.com)"%- | %REGEXPBlindMATCH="%Text"%subpatt="1" | | %Clear | `----- [ ] RO> Just remember to be careful to whom you send it. As Jonathan and RO> Jernej stated, most modern viruses spoof the from address, so only RO> reply to the message when you're sure (no when you only think it might RO> be) about who's the sender of the virus. I certainly will. Now if I could just get someone to send me a real virus so I can test out my setup on something other than the EICAR file. -- Best regards, David Member of E-mailaholics International PGP Key at http://search.keyserver.net:11371/pks/lookup?op=get&search=0xCC7E7664 How do I set my LaserPrinter to "Stun"? Using The Bat! v1.62i on Windows XP 5.1 Build 2600Service Pack 1 ________________________________________________ Current version is 1.62 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
